Re: Solr 4.2.1 SSLInitializationException
:I'm confused ... it seems that you (or GlassFish) has created a :Catch-22... Glassfish specifies keystore as a system property, but does not require specifying the password for the keystore as a system property. GF uses a keychain mechanism, which requires the password to be passed from the DAS to access the keystore. :In SolrJ client code you can specify whatever HttpClient implementation :you want. In Solr (for it's use of talking to other nodes in distributed :search, which is what is indicated in your stack trace) :SystemDefaultHttpClient is hard coded. Thanks for the clarification. I am using DefaultHttpClient on the client side, but was hoping that there is a way around SystemDefaultHttpClient, in Solr. Looks like there is isn't any. Thanks for your help! From: Chris Hostetter hossman_luc...@fucit.org To: solr-user@lucene.apache.org solr-user@lucene.apache.org; Sarita Nair sarita...@yahoo.com Sent: Friday, April 12, 2013 3:07 PM Subject: Re: Solr 4.2.1 SSLInitializationException : Thanks for your response. As I mentioned in my email, I would prefer : the application to not have access to the keystore. Do you know if there I'm confused ... it seems that you (or GlassFish) has created a Catch-22... You say you don't want the application to have access to the keystore, but aparently you (or glassfish) is explicitly setting javax.net.ssl.keyStore to tell the application what keystore to use. The keystore you specify has a password set on it, but you are not telling the application what the password is, so it can't use that keystore. If you don't wnat to application to have access to the keystore at all, have you tried unsetting javax.net.ssl.keyStore ? : is a way of specifying a different HttpClient implementation (e.g. : DefaultHttpClient rather than SystemDefaultHttpClient) ? In SolrJ client code you can specify whatever HttpClient implementation you want. In Solr (for it's use of talking to other nodes in distributed search, which is what is indicated in your stack trace) SystemDefaultHttpClient is hard coded. -Hoss
Re: Solr 4.2.1 SSLInitializationException
: Thanks for your response. As I mentioned in my email, I would prefer : the application to not have access to the keystore. Do you know if there I'm confused ... it seems that you (or GlassFish) has created a Catch-22... You say you don't want the application to have access to the keystore, but aparently you (or glassfish) is explicitly setting javax.net.ssl.keyStore to tell the application what keystore to use. The keystore you specify has a password set on it, but you are not telling the application what the password is, so it can't use that keystore. If you don't wnat to application to have access to the keystore at all, have you tried unsetting javax.net.ssl.keyStore ? : is a way of specifying a different HttpClient implementation (e.g. : DefaultHttpClient rather than SystemDefaultHttpClient) ? In SolrJ client code you can specify whatever HttpClient implementation you want. In Solr (for it's use of talking to other nodes in distributed search, which is what is indicated in your stack trace) SystemDefaultHttpClient is hard coded. -Hoss
Re: Solr 4.2.1 SSLInitializationException
You have to add two new Java options to your Glassfish config (example if you use the standard keystore and truststore): asadmin create-jvm-options -- -Djavax.net.ssl.keyStorePassword=changeit asadmin create-jvm-options -- -Djavax.net.ssl.trustStorePassword=changeit /Uwe On 10 April 2013 03:59, Sarita Nair sarita...@yahoo.com wrote: Hi Chris, Thanks for your response. My understanding is that GlassFish specifies the keystore as a system property, but does not specify the password in order to protect it from snooping. There's a keychain that requires a password to be passed from the DAS in order to unlock the key for the keystore. Is there some way to specify a different HttpClient implementation (e.g. DefaultHttpClient rather than SystemDefaultHttpClient), as we don't want the application to have access to the keystore? I have also pasted the entire stack trace below: 2013-04-09 10:45:06,144 [main] ERROR org.apache.solr.servlet.SolrDispatchFilter - Could not start Solr. Check solr/home property and the logs 2013-04-09 10:45:06,224 [main] ERROR org.apache.solr.core.SolrCore - null:org.apache.http.conn.ssl.SSLInitializationException: Failure initializing default system SSL context at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:368) at org.apache.http.conn.ssl.SSLSocketFactory.getSystemSocketFactory(SSLSocketFactory.java:204) at org.apache.http.impl.conn.SchemeRegistryFactory.createSystemDefault(SchemeRegistryFactory.java:82) at org.apache.http.impl.client.SystemDefaultHttpClient.createClientConnectionManager(SystemDefaultHttpClient.java:118) at org.apache.http.impl.client.AbstractHttpClient.getConnectionManager(AbstractHttpClient.java:466) at org.apache.solr.client.solrj.impl.HttpClientUtil.setMaxConnections(HttpClientUtil.java:179) at org.apache.solr.client.solrj.impl.HttpClientConfigurer.configure(HttpClientConfigurer.java:33) at org.apache.solr.client.solrj.impl.HttpClientUtil.configureClient(HttpClientUtil.java:115) at org.apache.solr.client.solrj.impl.HttpClientUtil.createClient(HttpClientUtil.java:105) at org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:134) at com.sun.enterprise.glassfish.bootstrap.GlassFishImpl.start(GlassFishImpl.java:79) at com.sun.enterprise.glassfish.bootstrap.GlassFishDecorator.start(GlassFishDecorator.java:63) at com.sun.enterprise.glassfish.bootstrap.osgi.OSGiGlassFishImpl.start(OSGiGlassFishImpl.java:69) at com.sun.enterprise.glassfish.bootstrap.GlassFishMain$Launcher.launch(GlassFishMain.java:117) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:601) at com.sun.enterprise.glassfish.bootstrap.GlassFishMain.main(GlassFishMain.java:97) at com.sun.enterprise.glassfish.bootstrap.ASMain.main(ASMain.java:55) Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772) at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55) at java.security.KeyStore.load(KeyStore.java:1214) at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:281) at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:366) ... 50 more Caused by: java.security.UnrecoverableKeyException: Password verification failed at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770) ... 54 more From: Chris Hostetter hossman_luc...@fucit.org To: solr-user@lucene.apache.org solr-user@lucene.apache.org; Sarita Nair sarita...@yahoo.com Sent: Tuesday, April 9, 2013 1:31 PM Subject: Re: Solr 4.2.1 SSLInitializationException : Deploying Solr 4.2.1 to GlassFish 3.1.1 results in the error below. I : have seen similar problems being reported with Solr 4.2 Are you trying to use server SSL with glassfish? can you please post the full stack trace so we can see where this error is coming from. My best guess is that this is coming from the changes made in SOLR-4451 to use system defaults correctly when initializing HttpClient, which suggets that your problem is exactly what the error message says... Keystore was tampered with, or password was incorrect Is it possible that the default keystore password for your JVM (or as overridden by glassfish defaults - possibly using the javax.net.ssl.keyStore sysprop) has a password set on it? If so you need to confiure your JVM with the standard java system properties to specify what that password is. http://mail
Re: Solr 4.2.1 SSLInitializationException
Hi Uwe, Thanks for your response. As I mentioned in my email, I would prefer the application to not have access to the keystore. Do you know if there is a way of specifying a different HttpClient implementation (e.g. DefaultHttpClient rather than SystemDefaultHttpClient) ? From: Uwe Klosa uwe.kl...@gmail.com To: solr-user@lucene.apache.org; Sarita Nair sarita...@yahoo.com Sent: Wednesday, April 10, 2013 2:58 AM Subject: Re: Solr 4.2.1 SSLInitializationException You have to add two new Java options to your Glassfish config (example if you use the standard keystore and truststore): asadmin create-jvm-options -- -Djavax.net.ssl.keyStorePassword=changeit asadmin create-jvm-options -- -Djavax.net.ssl.trustStorePassword=changeit /Uwe On 10 April 2013 03:59, Sarita Nair sarita...@yahoo.com wrote: Hi Chris, Thanks for your response. My understanding is that GlassFish specifies the keystore as a system property, but does not specify the password in order to protect it from snooping. There's a keychain that requires a password to be passed from the DAS in order to unlock the key for the keystore. Is there some way to specify a different HttpClient implementation (e.g. DefaultHttpClient rather than SystemDefaultHttpClient), as we don't want the application to have access to the keystore? I have also pasted the entire stack trace below: 2013-04-09 10:45:06,144 [main] ERROR org.apache.solr.servlet.SolrDispatchFilter - Could not start Solr. Check solr/home property and the logs 2013-04-09 10:45:06,224 [main] ERROR org.apache.solr.core.SolrCore - null:org.apache.http.conn.ssl.SSLInitializationException: Failure initializing default system SSL context at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:368) at org.apache.http.conn.ssl.SSLSocketFactory.getSystemSocketFactory(SSLSocketFactory.java:204) at org.apache.http.impl.conn.SchemeRegistryFactory.createSystemDefault(SchemeRegistryFactory.java:82) at org.apache.http.impl.client.SystemDefaultHttpClient.createClientConnectionManager(SystemDefaultHttpClient.java:118) at org.apache.http.impl.client.AbstractHttpClient.getConnectionManager(AbstractHttpClient.java:466) at org.apache.solr.client.solrj.impl.HttpClientUtil.setMaxConnections(HttpClientUtil.java:179) at org.apache.solr.client.solrj.impl.HttpClientConfigurer.configure(HttpClientConfigurer.java:33) at org.apache.solr.client.solrj.impl.HttpClientUtil.configureClient(HttpClientUtil.java:115) at org.apache.solr.client.solrj.impl.HttpClientUtil.createClient(HttpClientUtil.java:105) at org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:134) at com.sun.enterprise.glassfish.bootstrap.GlassFishImpl.start(GlassFishImpl.java:79) at com.sun.enterprise.glassfish.bootstrap.GlassFishDecorator.start(GlassFishDecorator.java:63) at com.sun.enterprise.glassfish.bootstrap.osgi.OSGiGlassFishImpl.start(OSGiGlassFishImpl.java:69) at com.sun.enterprise.glassfish.bootstrap.GlassFishMain$Launcher.launch(GlassFishMain.java:117) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:601) at com.sun.enterprise.glassfish.bootstrap.GlassFishMain.main(GlassFishMain.java:97) at com.sun.enterprise.glassfish.bootstrap.ASMain.main(ASMain.java:55) Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772) at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55) at java.security.KeyStore.load(KeyStore.java:1214) at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:281) at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:366) ... 50 more Caused by: java.security.UnrecoverableKeyException: Password verification failed at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770) ... 54 more From: Chris Hostetter hossman_luc...@fucit.org To: solr-user@lucene.apache.org solr-user@lucene.apache.org; Sarita Nair sarita...@yahoo.com Sent: Tuesday, April 9, 2013 1:31 PM Subject: Re: Solr 4.2.1 SSLInitializationException : Deploying Solr 4.2.1 to GlassFish 3.1.1 results in the error below. I : have seen similar problems being reported with Solr 4.2 Are you trying to use server SSL with glassfish? can you please post the full stack trace so we can see where this error is coming from. My best guess is that this is coming from the changes made in SOLR-4451
Re: Solr 4.2.1 SSLInitializationException
Have you tried to create a HttpSolrServer with this constructor: * HttpSolrServerhttp://lucene.apache.org/solr/4_2_0/solr-solrj/org/apache/solr/client/solrj/impl/HttpSolrServer.html#HttpSolrServer(java.lang.String, org.apache.http.client.HttpClient)*(Stringhttp://download.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true baseURL, org.apache.http.client.HttpClient client) ? /Uwe On 10 April 2013 15:35, Sarita Nair sarita...@yahoo.com wrote: Hi Uwe, Thanks for your response. As I mentioned in my email, I would prefer the application to not have access to the keystore. Do you know if there is a way of specifying a different HttpClient implementation (e.g. DefaultHttpClient rather than SystemDefaultHttpClient) ? From: Uwe Klosa uwe.kl...@gmail.com To: solr-user@lucene.apache.org; Sarita Nair sarita...@yahoo.com Sent: Wednesday, April 10, 2013 2:58 AM Subject: Re: Solr 4.2.1 SSLInitializationException You have to add two new Java options to your Glassfish config (example if you use the standard keystore and truststore): asadmin create-jvm-options -- -Djavax.net.ssl.keyStorePassword=changeit asadmin create-jvm-options -- -Djavax.net.ssl.trustStorePassword=changeit /Uwe On 10 April 2013 03:59, Sarita Nair sarita...@yahoo.com wrote: Hi Chris, Thanks for your response. My understanding is that GlassFish specifies the keystore as a system property, but does not specify the password in order to protect it from snooping. There's a keychain that requires a password to be passed from the DAS in order to unlock the key for the keystore. Is there some way to specify a different HttpClient implementation (e.g. DefaultHttpClient rather than SystemDefaultHttpClient), as we don't want the application to have access to the keystore? I have also pasted the entire stack trace below: 2013-04-09 10:45:06,144 [main] ERROR org.apache.solr.servlet.SolrDispatchFilter - Could not start Solr. Check solr/home property and the logs 2013-04-09 10:45:06,224 [main] ERROR org.apache.solr.core.SolrCore - null:org.apache.http.conn.ssl.SSLInitializationException: Failure initializing default system SSL context at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:368) at org.apache.http.conn.ssl.SSLSocketFactory.getSystemSocketFactory(SSLSocketFactory.java:204) at org.apache.http.impl.conn.SchemeRegistryFactory.createSystemDefault(SchemeRegistryFactory.java:82) at org.apache.http.impl.client.SystemDefaultHttpClient.createClientConnectionManager(SystemDefaultHttpClient.java:118) at org.apache.http.impl.client.AbstractHttpClient.getConnectionManager(AbstractHttpClient.java:466) at org.apache.solr.client.solrj.impl.HttpClientUtil.setMaxConnections(HttpClientUtil.java:179) at org.apache.solr.client.solrj.impl.HttpClientConfigurer.configure(HttpClientConfigurer.java:33) at org.apache.solr.client.solrj.impl.HttpClientUtil.configureClient(HttpClientUtil.java:115) at org.apache.solr.client.solrj.impl.HttpClientUtil.createClient(HttpClientUtil.java:105) at org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:134) at com.sun.enterprise.glassfish.bootstrap.GlassFishImpl.start(GlassFishImpl.java:79) at com.sun.enterprise.glassfish.bootstrap.GlassFishDecorator.start(GlassFishDecorator.java:63) at com.sun.enterprise.glassfish.bootstrap.osgi.OSGiGlassFishImpl.start(OSGiGlassFishImpl.java:69) at com.sun.enterprise.glassfish.bootstrap.GlassFishMain$Launcher.launch(GlassFishMain.java:117) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:601) at com.sun.enterprise.glassfish.bootstrap.GlassFishMain.main(GlassFishMain.java:97) at com.sun.enterprise.glassfish.bootstrap.ASMain.main(ASMain.java:55) Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772) at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55) at java.security.KeyStore.load(KeyStore.java:1214) at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:281) at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:366) ... 50 more Caused by: java.security.UnrecoverableKeyException: Password verification failed at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770) ... 54 more
Solr 4.2.1 SSLInitializationException
Hi All, Deploying Solr 4.2.1 to GlassFish 3.1.1 results in the error below. I have seen similar problems being reported with Solr 4.2 and my take-away was that 4.2.1 contains the necessary fix. Any help with this will be appreciated. Thanks! 2013-04-09 10:45:06,144 [main] ERROR org.apache.solr.servlet.SolrDispatchFilter - Could not start Solr. Check solr/home property and the logs 2013-04-09 10:45:06,224 [main] ERROR org.apache.solr.core.SolrCore - null:org.apache.http.conn.ssl.SSLInitializationException: Failure initializing default system SSL context Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772) at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55) at java.security.KeyStore.load(KeyStore.java:1214) at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:281) at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:366) ... 50 more Caused by: java.security.UnrecoverableKeyException: Password verification failed at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
Re: Solr 4.2.1 SSLInitializationException
: Deploying Solr 4.2.1 to GlassFish 3.1.1 results in the error below. I : have seen similar problems being reported with Solr 4.2 Are you trying to use server SSL with glassfish? can you please post the full stack trace so we can see where this error is coming from. My best guess is that this is coming from the changes made in SOLR-4451 to use system defaults correctly when initializing HttpClient, which suggets that your problem is exactly what the error message says... Keystore was tampered with, or password was incorrect Is it possible that the default keystore password for your JVM (or as overridden by glassfish defaults - possibly using the javax.net.ssl.keyStore sysprop) has a password set on it? If so you need to confiure your JVM with the standard java system properties to specify what that password is. http://mail-archives.apache.org/mod_mbox/lucene-solr-user/201303.mbox/%3c1364232676233-4051159.p...@n3.nabble.com%3E : 2013-04-09 10:45:06,144 [main] ERROR : org.apache.solr.servlet.SolrDispatchFilter - Could not start Solr. Check solr/home property and the logs : 2013-04-09 10:45:06,224 [main] ERROR : org.apache.solr.core.SolrCore - : null:org.apache.http.conn.ssl.SSLInitializationException: Failure : initializing default system SSL context : Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect : at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772) : at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55) : at java.security.KeyStore.load(KeyStore.java:1214) : at : org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:281) : at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:366) : ... 50 more : Caused by: java.security.UnrecoverableKeyException: Password verification failed : at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770) -Hoss
Re: Solr 4.2.1 SSLInitializationException
Hi Chris, Thanks for your response. My understanding is that GlassFish specifies the keystore as a system property, but does not specify the password in order to protect it from snooping. There's a keychain that requires a password to be passed from the DAS in order to unlock the key for the keystore. Is there some way to specify a different HttpClient implementation (e.g. DefaultHttpClient rather than SystemDefaultHttpClient), as we don't want the application to have access to the keystore? I have also pasted the entire stack trace below: 2013-04-09 10:45:06,144 [main] ERROR org.apache.solr.servlet.SolrDispatchFilter - Could not start Solr. Check solr/home property and the logs 2013-04-09 10:45:06,224 [main] ERROR org.apache.solr.core.SolrCore - null:org.apache.http.conn.ssl.SSLInitializationException: Failure initializing default system SSL context at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:368) at org.apache.http.conn.ssl.SSLSocketFactory.getSystemSocketFactory(SSLSocketFactory.java:204) at org.apache.http.impl.conn.SchemeRegistryFactory.createSystemDefault(SchemeRegistryFactory.java:82) at org.apache.http.impl.client.SystemDefaultHttpClient.createClientConnectionManager(SystemDefaultHttpClient.java:118) at org.apache.http.impl.client.AbstractHttpClient.getConnectionManager(AbstractHttpClient.java:466) at org.apache.solr.client.solrj.impl.HttpClientUtil.setMaxConnections(HttpClientUtil.java:179) at org.apache.solr.client.solrj.impl.HttpClientConfigurer.configure(HttpClientConfigurer.java:33) at org.apache.solr.client.solrj.impl.HttpClientUtil.configureClient(HttpClientUtil.java:115) at org.apache.solr.client.solrj.impl.HttpClientUtil.createClient(HttpClientUtil.java:105) at org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:134) at com.sun.enterprise.glassfish.bootstrap.GlassFishImpl.start(GlassFishImpl.java:79) at com.sun.enterprise.glassfish.bootstrap.GlassFishDecorator.start(GlassFishDecorator.java:63) at com.sun.enterprise.glassfish.bootstrap.osgi.OSGiGlassFishImpl.start(OSGiGlassFishImpl.java:69) at com.sun.enterprise.glassfish.bootstrap.GlassFishMain$Launcher.launch(GlassFishMain.java:117) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:601) at com.sun.enterprise.glassfish.bootstrap.GlassFishMain.main(GlassFishMain.java:97) at com.sun.enterprise.glassfish.bootstrap.ASMain.main(ASMain.java:55) Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772) at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55) at java.security.KeyStore.load(KeyStore.java:1214) at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:281) at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:366) ... 50 more Caused by: java.security.UnrecoverableKeyException: Password verification failed at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770) ... 54 more From: Chris Hostetter hossman_luc...@fucit.org To: solr-user@lucene.apache.org solr-user@lucene.apache.org; Sarita Nair sarita...@yahoo.com Sent: Tuesday, April 9, 2013 1:31 PM Subject: Re: Solr 4.2.1 SSLInitializationException : Deploying Solr 4.2.1 to GlassFish 3.1.1 results in the error below. I : have seen similar problems being reported with Solr 4.2 Are you trying to use server SSL with glassfish? can you please post the full stack trace so we can see where this error is coming from. My best guess is that this is coming from the changes made in SOLR-4451 to use system defaults correctly when initializing HttpClient, which suggets that your problem is exactly what the error message says... Keystore was tampered with, or password was incorrect Is it possible that the default keystore password for your JVM (or as overridden by glassfish defaults - possibly using the javax.net.ssl.keyStore sysprop) has a password set on it? If so you need to confiure your JVM with the standard java system properties to specify what that password is. http://mail-archives.apache.org/mod_mbox/lucene-solr-user/201303.mbox/%3c1364232676233-4051159.p...@n3.nabble.com%3E : 2013-04-09 10:45:06,144 [main] ERROR : org.apache.solr.servlet.SolrDispatchFilter - Could not start Solr. Check solr/home property and the logs : 2013-04-09 10:45:06,224 [main] ERROR : org.apache.solr.core.SolrCore