Hi Chris, Thanks for your response.
My understanding is that GlassFish specifies the keystore as a system property, but does not specify the password in order to protect it from snooping. There's a keychain that requires a password to be passed from the DAS in order to unlock the key for the keystore. Is there some way to specify a different HttpClient implementation (e.g. DefaultHttpClient rather than SystemDefaultHttpClient), as we don't want the application to have access to the keystore? I have also pasted the entire stack trace below: 2013-04-09 10:45:06,144 [main] ERROR org.apache.solr.servlet.SolrDispatchFilter - Could not start Solr. Check solr/home property and the logs 2013-04-09 10:45:06,224 [main] ERROR org.apache.solr.core.SolrCore - null:org.apache.http.conn.ssl.SSLInitializationException: Failure initializing default system SSL context at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:368) at org.apache.http.conn.ssl.SSLSocketFactory.getSystemSocketFactory(SSLSocketFactory.java:204) at org.apache.http.impl.conn.SchemeRegistryFactory.createSystemDefault(SchemeRegistryFactory.java:82) at org.apache.http.impl.client.SystemDefaultHttpClient.createClientConnectionManager(SystemDefaultHttpClient.java:118) at org.apache.http.impl.client.AbstractHttpClient.getConnectionManager(AbstractHttpClient.java:466) at org.apache.solr.client.solrj.impl.HttpClientUtil.setMaxConnections(HttpClientUtil.java:179) at org.apache.solr.client.solrj.impl.HttpClientConfigurer.configure(HttpClientConfigurer.java:33) at org.apache.solr.client.solrj.impl.HttpClientUtil.configureClient(HttpClientUtil.java:115) at org.apache.solr.client.solrj.impl.HttpClientUtil.createClient(HttpClientUtil.java:105) at org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:134) at com.sun.enterprise.glassfish.bootstrap.GlassFishImpl.start(GlassFishImpl.java:79) at com.sun.enterprise.glassfish.bootstrap.GlassFishDecorator.start(GlassFishDecorator.java:63) at com.sun.enterprise.glassfish.bootstrap.osgi.OSGiGlassFishImpl.start(OSGiGlassFishImpl.java:69) at com.sun.enterprise.glassfish.bootstrap.GlassFishMain$Launcher.launch(GlassFishMain.java:117) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:601) at com.sun.enterprise.glassfish.bootstrap.GlassFishMain.main(GlassFishMain.java:97) at com.sun.enterprise.glassfish.bootstrap.ASMain.main(ASMain.java:55) Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772) at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55) at java.security.KeyStore.load(KeyStore.java:1214) at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:281) at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:366) ... 50 more Caused by: java.security.UnrecoverableKeyException: Password verification failed at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770) ... 54 more ________________________________ From: Chris Hostetter <hossman_luc...@fucit.org> To: "solr-user@lucene.apache.org" <solr-user@lucene.apache.org>; Sarita Nair <sarita...@yahoo.com> Sent: Tuesday, April 9, 2013 1:31 PM Subject: Re: Solr 4.2.1 SSLInitializationException : Deploying Solr 4.2.1 to GlassFish 3.1.1 results in the error below. I : have seen similar problems being reported with Solr 4.2 Are you trying to use server SSL with glassfish? can you please post the full stack trace so we can see where this error is coming from. My best guess is that this is coming from the changes made in SOLR-4451 to use system defaults correctly when initializing HttpClient, which suggets that your problem is exactly what the error message says... "Keystore was tampered with, or password was incorrect" Is it possible that the default keystore password for your JVM (or as overridden by glassfish defaults - possibly using the "javax.net.ssl.keyStore" sysprop) has a password set on it? If so you need to confiure your JVM with the standard java system properties to specify what that password is. http://mail-archives.apache.org/mod_mbox/lucene-solr-user/201303.mbox/%3c1364232676233-4051159.p...@n3.nabble.com%3E : 2013-04-09 10:45:06,144 [main] ERROR : org.apache.solr.servlet.SolrDispatchFilter - Could not start Solr. Check solr/home property and the logs : 2013-04-09 10:45:06,224 [main] ERROR : org.apache.solr.core.SolrCore - : null:org.apache.http.conn.ssl.SSLInitializationException: Failure : initializing default system SSL context : Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect : at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772) : at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55) : at java.security.KeyStore.load(KeyStore.java:1214) : at : org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:281) : at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:366) : ... 50 more : Caused by: java.security.UnrecoverableKeyException: Password verification failed : at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770) -Hoss
