SSL configuration with Master/Slave

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

SSL configuration with Master/Slave

Sundaram, Dinesh

Team,

 

I’m facing an SSL issue while configuring Master/Slave. Master runs fine lone with SSL and Slave runs fine lone with SSL but getting SSL exception during the synch up. It gives the below error. I believe we need to trust the target server at source. Can you give me the steps to allow inbound calls at source jvm. FYI, the same synch up works fine via http.

 

2018-01-08 13:57:06.735 WARN  (qtp33524623-16) [c:dm-global s:shard1 r:core_node2 x:dm-global_shard1_replica_n1] o.a.s.h.ReplicationHandler Exception while invoking 'details' method for replication on master

org.apache.solr.client.solrj.SolrServerException: IOException occured when talking to server at: https://test21.mastercard.int:8983/solr/dm-global_shard1_replica_n1

        at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:640)

        at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:253)

        at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:242)

        at org.apache.solr.client.solrj.SolrClient.request(SolrClient.java:1219)

        at org.apache.solr.handler.IndexFetcher.getDetails(IndexFetcher.java:1823)

        at org.apache.solr.handler.ReplicationHandler.getReplicationDetails(ReplicationHandler.java:954)

        at org.apache.solr.handler.ReplicationHandler.handleRequestBody(ReplicationHandler.java:332)

        at org.apache.solr.handler.RequestHandlerBase.handleRequest(RequestHandlerBase.java:177)

        at org.apache.solr.core.SolrCore.execute(SolrCore.java:2484)

        at org.apache.solr.servlet.HttpSolrCall.execute(HttpSolrCall.java:720)

        at org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:526)

        at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:382)

        at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:326)

        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1751)

        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582)

        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)

        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)

        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)

        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180)

        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512)

        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)

        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112)

        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)

        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213)

        at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:119)

        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)

        at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:335)

        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)

        at org.eclipse.jetty.server.Server.handle(Server.java:534)

        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320)

        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251)

        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283)

        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:108)

        at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93)

        at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303)

        at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)

        at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)

        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671)

        at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)

        at java.lang.Thread.run(Thread.java:745)

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)

        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)

        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)

        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)

        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)

        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)

        at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)

        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)

        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)

        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)

        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)

       at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)

        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)

        at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)

        at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359)

        at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)

        at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)

        at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)

        at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)

        at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)

        at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)

        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)

        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)

        at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:525)

        ... 39 more

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)

        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)

        at sun.security.validator.Validator.validate(Validator.java:260)

        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)

        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)

        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)

        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)

        ... 59 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

        at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)

        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)

        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)

        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)

        ... 65 more

 

Dinesh Sundaram

MBS Platform Engineering

 

Mastercard

 

CONFIDENTIALITY NOTICE This e-mail message and any attachments are only for the use of the intended recipient and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient, any disclosure, distribution or other use of this e-mail message or attachments is prohibited. If you have received this e-mail message in error, please delete and notify the sender immediately. Thank you.
Reply | Threaded
Open this post in threaded view
|

RE: SSL configuration with Master/Slave

Sundaram, Dinesh

FYI, This has been resolved.

 

Dinesh Sundaram

MBS Platform Engineering

 

Mastercard

 

From: Sundaram, Dinesh
Sent: Monday, January 8, 2018 1:58 PM
To: solr-user <[hidden email]>
Subject: SSL configuration with Master/Slave

 

Team,

 

I’m facing an SSL issue while configuring Master/Slave. Master runs fine lone with SSL and Slave runs fine lone with SSL but getting SSL exception during the synch up. It gives the below error. I believe we need to trust the target server at source. Can you give me the steps to allow inbound calls at source jvm. FYI, the same synch up works fine via http.

 

2018-01-08 13:57:06.735 WARN  (qtp33524623-16) [c:dm-global s:shard1 r:core_node2 x:dm-global_shard1_replica_n1] o.a.s.h.ReplicationHandler Exception while invoking 'details' method for replication on master

org.apache.solr.client.solrj.SolrServerException: IOException occured when talking to server at: https://test21.mastercard.int:8983/solr/dm-global_shard1_replica_n1

        at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:640)

        at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:253)

        at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:242)

        at org.apache.solr.client.solrj.SolrClient.request(SolrClient.java:1219)

        at org.apache.solr.handler.IndexFetcher.getDetails(IndexFetcher.java:1823)

        at org.apache.solr.handler.ReplicationHandler.getReplicationDetails(ReplicationHandler.java:954)

        at org.apache.solr.handler.ReplicationHandler.handleRequestBody(ReplicationHandler.java:332)

        at org.apache.solr.handler.RequestHandlerBase.handleRequest(RequestHandlerBase.java:177)

        at org.apache.solr.core.SolrCore.execute(SolrCore.java:2484)

        at org.apache.solr.servlet.HttpSolrCall.execute(HttpSolrCall.java:720)

        at org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:526)

        at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:382)

        at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:326)

        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1751)

        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582)

        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)

        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)

        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)

        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180)

        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512)

        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)

        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112)

        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)

        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213)

        at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:119)

        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)

        at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:335)

        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)

        at org.eclipse.jetty.server.Server.handle(Server.java:534)

        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320)

        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251)

        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283)

        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:108)

        at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93)

        at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303)

        at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)

        at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)

        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671)

        at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)

        at java.lang.Thread.run(Thread.java:745)

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)

        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)

        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)

        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)

        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)

        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)

        at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)

        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)

        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)

        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)

        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)

       at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)

        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)

        at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)

        at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359)

        at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)

        at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)

        at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)

        at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)

        at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)

        at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)

        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)

        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)

        at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:525)

        ... 39 more

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)

        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)

        at sun.security.validator.Validator.validate(Validator.java:260)

        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)

        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)

        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)

        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)

        ... 59 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

        at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)

        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)

        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)

        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)

        ... 65 more

 

Dinesh Sundaram

MBS Platform Engineering

 

Mastercard

 

CONFIDENTIALITY NOTICE This e-mail message and any attachments are only for the use of the intended recipient and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient, any disclosure, distribution or other use of this e-mail message or attachments is prohibited. If you have received this e-mail message in error, please delete and notify the sender immediately. Thank you.