Hi Uwe, Thanks for your response. As I mentioned in my email, I would prefer the application to not have access to the keystore. Do you know if there is a way of specifying a different HttpClient implementation (e.g. DefaultHttpClient rather than SystemDefaultHttpClient) ?
________________________________ From: Uwe Klosa <uwe.kl...@gmail.com> To: solr-user@lucene.apache.org; Sarita Nair <sarita...@yahoo.com> Sent: Wednesday, April 10, 2013 2:58 AM Subject: Re: Solr 4.2.1 SSLInitializationException You have to add two new Java options to your Glassfish config (example if you use the standard keystore and truststore): asadmin create-jvm-options -- -Djavax.net.ssl.keyStorePassword=changeit asadmin create-jvm-options -- -Djavax.net.ssl.trustStorePassword=changeit /Uwe On 10 April 2013 03:59, Sarita Nair <sarita...@yahoo.com> wrote: > Hi Chris, > > Thanks for your response. > > My understanding is that GlassFish specifies the keystore as a system > property, > but does not specify the password in order to protect it from > snooping. There's > a keychain that requires a password to be passed from the DAS in order to > unlock the key for the keystore. > > Is there some way to specify a > different HttpClient implementation (e.g. DefaultHttpClient rather than > SystemDefaultHttpClient), as we don't want the application to have > access to the keystore? > > > I have also pasted the entire stack trace below: > > 2013-04-09 10:45:06,144 [main] ERROR > org.apache.solr.servlet.SolrDispatchFilter - Could not start Solr. Check > solr/home property and the logs > 2013-04-09 10:45:06,224 [main] ERROR org.apache.solr.core.SolrCore - > null:org.apache.http.conn.ssl.SSLInitializationException: Failure > initializing default system SSL context > at > org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:368) > at > org.apache.http.conn.ssl.SSLSocketFactory.getSystemSocketFactory(SSLSocketFactory.java:204) > at > org.apache.http.impl.conn.SchemeRegistryFactory.createSystemDefault(SchemeRegistryFactory.java:82) > at > org.apache.http.impl.client.SystemDefaultHttpClient.createClientConnectionManager(SystemDefaultHttpClient.java:118) > at > org.apache.http.impl.client.AbstractHttpClient.getConnectionManager(AbstractHttpClient.java:466) > at > org.apache.solr.client.solrj.impl.HttpClientUtil.setMaxConnections(HttpClientUtil.java:179) > at > org.apache.solr.client.solrj.impl.HttpClientConfigurer.configure(HttpClientConfigurer.java:33) > at > org.apache.solr.client.solrj.impl.HttpClientUtil.configureClient(HttpClientUtil.java:115) > at > org.apache.solr.client.solrj.impl.HttpClientUtil.createClient(HttpClientUtil.java:105) > at > org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:134) > at > com.sun.enterprise.glassfish.bootstrap.GlassFishImpl.start(GlassFishImpl.java:79) > at > com.sun.enterprise.glassfish.bootstrap.GlassFishDecorator.start(GlassFishDecorator.java:63) > at > com.sun.enterprise.glassfish.bootstrap.osgi.OSGiGlassFishImpl.start(OSGiGlassFishImpl.java:69) > at > com.sun.enterprise.glassfish.bootstrap.GlassFishMain$Launcher.launch(GlassFishMain.java:117) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:601) > at > com.sun.enterprise.glassfish.bootstrap.GlassFishMain.main(GlassFishMain.java:97) > at com.sun.enterprise.glassfish.bootstrap.ASMain.main(ASMain.java:55) > Caused by: java.io.IOException: Keystore was tampered with, or password > was incorrect > at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772) > at > sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55) > at java.security.KeyStore.load(KeyStore.java:1214) > at > org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:281) > at > org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:366) > ... 50 more > Caused by: java.security.UnrecoverableKeyException: Password verification > failed > at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770) > ... 54 more > > > > > > > > > > > > > > ________________________________ > From: Chris Hostetter <hossman_luc...@fucit.org> > To: "solr-user@lucene.apache.org" <solr-user@lucene.apache.org>; Sarita > Nair <sarita...@yahoo.com> > Sent: Tuesday, April 9, 2013 1:31 PM > Subject: Re: Solr 4.2.1 SSLInitializationException > > > : Deploying Solr 4.2.1 to GlassFish 3.1.1 results in the error below. I > : have seen similar problems being reported with Solr 4.2 > > Are you trying to use server SSL with glassfish? > > can you please post the full stack trace so we can see where this error is > coming from. > > My best guess is that this is coming from the changes made in > SOLR-4451 to use system defaults correctly when initializing HttpClient, > which suggets that your problem is exactly what the error message says... > > "Keystore was tampered with, or password was incorrect" > > Is it possible that the default keystore password for your JVM (or as > overridden by glassfish defaults - possibly using the > "javax.net.ssl.keyStore" sysprop) has a password set on it? If so you > need to confiure your JVM with the standard java system properties to > specify what that password is. > > > http://mail-archives.apache.org/mod_mbox/lucene-solr-user/201303.mbox/%3c1364232676233-4051159.p...@n3.nabble.com%3E > > : 2013-04-09 10:45:06,144 [main] ERROR > : org.apache.solr.servlet.SolrDispatchFilter - Could not start Solr. Check > solr/home property and the logs > : 2013-04-09 10:45:06,224 [main] ERROR > : org.apache.solr.core.SolrCore - > : null:org.apache.http.conn.ssl.SSLInitializationException: Failure > : initializing default system SSL context > : Caused by: java.io.IOException: Keystore was tampered with, or > password was incorrect > : at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772) > : at > sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55) > : at java.security.KeyStore.load(KeyStore.java:1214) > : at > : > org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:281) > : at > org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:366) > : ... 50 more > : Caused by: java.security.UnrecoverableKeyException: Password > verification failed > : at > sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770) > > -Hoss >
