Re: Enable https for Solr

[Zheng Lin Edwin Yeo]

Hi Shawn,

The same problem is happening in both SolrJ and SimplePostTool.
I got the same error for both.

Regards,
Edwin


On 22 April 2017 at 20:25, Shawn Heisey  wrote:

> On 4/22/2017 1:45 AM, Zheng Lin Edwin Yeo wrote:
> > Hi Steve,
> >
> > Yes, I have set that in solr.in.cmd.
>
> The *client* is where the certificate validation problem is happening.
> The client (you said SolrJ, but the stacktrace indicates it is
> SimplePostTool) is what needs the keystore-related system properties.
>
> Thanks,
> Shawn
>
>

Re: Enable https for Solr

[Shawn Heisey]

On 4/22/2017 1:45 AM, Zheng Lin Edwin Yeo wrote:
> Hi Steve,
>
> Yes, I have set that in solr.in.cmd.

The *client* is where the certificate validation problem is happening. 
The client (you said SolrJ, but the stacktrace indicates it is
SimplePostTool) is what needs the keystore-related system properties.

Thanks,
Shawn

Re: Enable https for Solr

[Zheng Lin Edwin Yeo]

Hi Steve,

Yes, I have set that in solr.in.cmd.

Regards,
Edwin

On 22 April 2017 at 01:51, Steve Rowe  wrote:

> Edwin,
>
> Did you set the required keystore/truststore/password system properties?
> See the example at  Enabling+SSL#EnablingSSL-IndexadocumentusingCloudSolrClient>
>
> --
> Steve
> www.lucidworks.com
>
> > On Apr 21, 2017, at 1:44 PM, Zheng Lin Edwin Yeo 
> wrote:
> >
> > Thank you Steve.
> >
> > I have managed to set up the SSL, and the query via https is working now.
> >
> > However, I am getting this error when I tried to do indexing using
> SolrJ. I
> > have already changed the URL to pass using https.
> >
> > What could be the reason that causes this?
> >
> > javax.net.ssl.SSLHandshakeException: sun.security.validator.
> > ValidatorException:
> > PKIX path building failed: sun.security.provider.certpath.
> > SunCertPathBuilderExce
> > ption: unable to find valid certification path to requested target
> >at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> >at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> >at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> >at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> >at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown
> > Source)
> >at sun.security.ssl.ClientHandshaker.processMessage(Unknown
> Source)
> >at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> >at sun.security.ssl.Handshaker.process_record(Unknown Source)
> >at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> >at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> > Source
> > )
> >at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> >at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> >at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown
> > Source)
> >at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnec
> > tion.connect
> > (Unknown Source)
> >at sun.net.www.protocol.http.HttpURLConnection.
> getInputStream0(Unknown
> > S
> > ource)
> >at sun.net.www.protocol.http.HttpURLConnection.
> getInputStream(Unknown
> > So
> > urce)
> >at sun.net.www.protocol.https.HttpsURLConnectionImpl.
> > getInputStream(Unkn
> > own Source)
> >at org.apache.solr.util.SimplePostTool.doHttpGet(
> > SimplePostTool.java:1702)
> >at org.apache.solr.util.SimplePostTool.main(SimplePostTool.j
> > ava:256)
> > Caused by: sun.security.validator.ValidatorException: PKIX path building
> > failed:
> > sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find
> > vali
> > d certification path to requested target
> >at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
> >at sun.security.validator.PKIXValidator.engineValidate(Unknown
> > Source)
> >at sun.security.validator.Validator.validate(Unknown Source)
> >at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
> >at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown
> > Source)
> >at sun.security.ssl.X509TrustManagerImpl.
> checkServerTrusted(Unknown
> > Sour
> > ce)
> >... 15 more
> > Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
> > unable to
> > find valid certification path to requested target
> >at sun.security.provider.certpath.SunCertPathBuilder.
> build(Unknown
> > Sourc
> > e)
> >at sun.security.provider.certpath.SunCertPathBuilder.
> > engineBuild(Unknown
> > Source)
> >at java.security.cert.CertPathBuilder.build(Unknown Source)
> >... 21 more
> > javax.net.ssl.SSLHandshakeException: sun.security.validator.
> > ValidatorException:
> > PKIX path building failed: sun.security.provider.certpath.
> > SunCertPathBuilderExce
> > ption: unable to find valid certification path to requested target
> >at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> >at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> >at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> >at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> >at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown
> > Source)
> >at sun.security.ssl.ClientHandshaker.processMessage(Unknown
> Source)
> >at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> >at sun.security.ssl.Handshaker.process_record(Unknown Source)
> >at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> >at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> > Source
> > )
> >at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> >at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> >at 

Re: Enable https for Solr

[Steve Rowe]

Edwin,

Did you set the required keystore/truststore/password system properties?  See 
the example at 


--
Steve
www.lucidworks.com

> On Apr 21, 2017, at 1:44 PM, Zheng Lin Edwin Yeo  wrote:
> 
> Thank you Steve.
> 
> I have managed to set up the SSL, and the query via https is working now.
> 
> However, I am getting this error when I tried to do indexing using SolrJ. I
> have already changed the URL to pass using https.
> 
> What could be the reason that causes this?
> 
> javax.net.ssl.SSLHandshakeException: sun.security.validator.
> ValidatorException:
> PKIX path building failed: sun.security.provider.certpath.
> SunCertPathBuilderExce
> ption: unable to find valid certification path to requested target
>at sun.security.ssl.Alerts.getSSLException(Unknown Source)
>at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
>at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
>at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
>at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown
> Source)
>at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
>at sun.security.ssl.Handshaker.processLoop(Unknown Source)
>at sun.security.ssl.Handshaker.process_record(Unknown Source)
>at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
>at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source
> )
>at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown
> Source)
>at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnec
> tion.connect
> (Unknown Source)
>at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown
> S
> ource)
>at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
> So
> urce)
>at sun.net.www.protocol.https.HttpsURLConnectionImpl.
> getInputStream(Unkn
> own Source)
>at org.apache.solr.util.SimplePostTool.doHttpGet(
> SimplePostTool.java:1702)
>at org.apache.solr.util.SimplePostTool.main(SimplePostTool.j
> ava:256)
> Caused by: sun.security.validator.ValidatorException: PKIX path building
> failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> vali
> d certification path to requested target
>at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
>at sun.security.validator.PKIXValidator.engineValidate(Unknown
> Source)
>at sun.security.validator.Validator.validate(Unknown Source)
>at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
>at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown
> Source)
>at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
> Sour
> ce)
>... 15 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to
> find valid certification path to requested target
>at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown
> Sourc
> e)
>at sun.security.provider.certpath.SunCertPathBuilder.
> engineBuild(Unknown
> Source)
>at java.security.cert.CertPathBuilder.build(Unknown Source)
>... 21 more
> javax.net.ssl.SSLHandshakeException: sun.security.validator.
> ValidatorException:
> PKIX path building failed: sun.security.provider.certpath.
> SunCertPathBuilderExce
> ption: unable to find valid certification path to requested target
>at sun.security.ssl.Alerts.getSSLException(Unknown Source)
>at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
>at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
>at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
>at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown
> Source)
>at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
>at sun.security.ssl.Handshaker.processLoop(Unknown Source)
>at sun.security.ssl.Handshaker.process_record(Unknown Source)
>at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
>at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source
> )
>at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown
> Source)
>at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnec
> tion.connect
> (Unknown Source)
>at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown
> S
> ource)
>at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
> So
> urce)
>at 

Re: Enable https for Solr

[Zheng Lin Edwin Yeo]

Thank you Steve.

I have managed to set up the SSL, and the query via https is working now.

However, I am getting this error when I tried to do indexing using SolrJ. I
have already changed the URL to pass using https.

What could be the reason that causes this?

javax.net.ssl.SSLHandshakeException: sun.security.validator.
ValidatorException:
PKIX path building failed: sun.security.provider.certpath.
SunCertPathBuilderExce
ption: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown
Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
Source
)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown
Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnec
tion.connect
(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown
S
ource)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
So
urce)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.
getInputStream(Unkn
own Source)
at org.apache.solr.util.SimplePostTool.doHttpGet(
SimplePostTool.java:1702)
at org.apache.solr.util.SimplePostTool.main(SimplePostTool.j
ava:256)
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed:
 sun.security.provider.certpath.SunCertPathBuilderException: unable to find
vali
d certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown
Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown
Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Sour
ce)
... 15 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to
 find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown
Sourc
e)
at sun.security.provider.certpath.SunCertPathBuilder.
engineBuild(Unknown
 Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 21 more
javax.net.ssl.SSLHandshakeException: sun.security.validator.
ValidatorException:
PKIX path building failed: sun.security.provider.certpath.
SunCertPathBuilderExce
ption: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown
Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
Source
)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown
Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnec
tion.connect
(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown
S
ource)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
So
urce)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.
getInputStream(Unkn
own Source)
at org.apache.solr.util.SimplePostTool.doHttpGet(
SimplePostTool.java:1702)
at org.apache.solr.util.SimplePostTool.main(SimplePostTool.j
ava:256)
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed:
 sun.security.provider.certpath.SunCertPathBuilderException: unable to find
vali
d certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at 

Re: Enable https for Solr

[Steve Rowe]

Hi Edwin,

See .

--
Steve
www.lucidworks.com

> On Apr 21, 2017, at 12:03 AM, Zheng Lin Edwin Yeo  
> wrote:
> 
> Hi,
> 
> I would like to find out, how can we allow Solr to accept secure
> connections via https?
> 
> I am using SolrCloud on Solr 6.4.2
> 
> Regards,
> Edwin