unable to find valid certification path to requested target

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

unable to find valid certification path to requested target

JTytler
I have created a keystore file and have enabled SSL on my solr server using
the following  procedures:
 
1) Created pkcs#12 file using the command:
Keytool –genkey –alias aliasname –keystore /solr-ssl.keystore.pfx –storetype
PKCS12 –keyalg RSA –storepass password –ext
SAN=dns:localhost,dns:solr-devapp01.devt1.restOfDomain –validity 730
–keysize 2048
 
2) Imported the pkcs keystore file into Trusted Root Certification Authority
 
3) Copied the pkcs file solr-ssl.keystore.pfx to the solr /server/etc folder
 
4) Modified solr.in.cmd file with the following:
 
set SOLR_SSL_ENABLED=true
set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.pfx
set SOLR_SSL_KEY_STORE_PASSWORD=secret
set SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.pfx
set SOLR_SSL_TRUST_STORE_PASSWORD=secret
 
set SOLR_SSL_NEED_CLIENT_AUTH=false
set SOLR_SSL_WANT_CLIENT_AUTH=false
set SOLR_SSL_KEY_STORE_TYPE=PKCS12
set SOLR_SSL_TRUST_STORE_TYPE=PKCS12
 
 
I can access the Solr admin at https://localhost:8983/solr and can also
crawl websites using Norconex httpcrawler.   However, after the documents
are crawled, I am unable to commit the crawled documents into the Solr
index.   I get the error "unable to find valid certification path to
requested target".  

I will appreciate if someone can help me with this as this is the first time
I am trying to set up SSL/TLM.




--
Sent from: http://lucene.472066.n3.nabble.com/Solr-User-f472068.html
Reply | Threaded
Open this post in threaded view
|

Re: unable to find valid certification path to requested target

Branham, Jeremy (Experis)
Hi Joseph –
I don’t think this is a Solr issue. It sounds like your http crawling process doesn’t trust the cert that Solr is using.

Looks like you’re on the right track here – [I stumbled onto your post at Github]
https://github.com/Norconex/collector-http/issues/581

 
Jeremy Branham
[hidden email]

On 3/31/19, 9:26 PM, "JTytler" <[hidden email]> wrote:

    I have created a keystore file and have enabled SSL on my solr server using
    the following  procedures:
     
    1) Created pkcs#12 file using the command:
    Keytool –genkey –alias aliasname –keystore /solr-ssl.keystore.pfx –storetype
    PKCS12 –keyalg RSA –storepass password –ext
    SAN=dns:localhost,dns:solr-devapp01.devt1.restOfDomain –validity 730
    –keysize 2048
     
    2) Imported the pkcs keystore file into Trusted Root Certification Authority
     
    3) Copied the pkcs file solr-ssl.keystore.pfx to the solr /server/etc folder
     
    4) Modified solr.in.cmd file with the following:
     
    set SOLR_SSL_ENABLED=true
    set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.pfx
    set SOLR_SSL_KEY_STORE_PASSWORD=secret
    set SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.pfx
    set SOLR_SSL_TRUST_STORE_PASSWORD=secret
     
    set SOLR_SSL_NEED_CLIENT_AUTH=false
    set SOLR_SSL_WANT_CLIENT_AUTH=false
    set SOLR_SSL_KEY_STORE_TYPE=PKCS12
    set SOLR_SSL_TRUST_STORE_TYPE=PKCS12
     
     
    I can access the Solr admin at https://urldefense.proofpoint.com/v2/url?u=https-3A__localhost-3A8983_solr&d=DwIFaQ&c=gtIjdLs6LnStUpy9cTOW9w&r=0SwsmPELGv6GC1_5JSQ9T7ZPMLljrIkbF_2jBCrKXI0&m=rnbRtumEySeUlFWuHX0AE4JO-I9o94nUnAfkrNPaAss&s=F7YCAJHvVKTe_QYZF14Rwcodu9JysDyVLVOzvLfc2l4&e= and can also
    crawl websites using Norconex httpcrawler.   However, after the documents
    are crawled, I am unable to commit the crawled documents into the Solr
    index.   I get the error "unable to find valid certification path to
    requested target".  
   
    I will appreciate if someone can help me with this as this is the first time
    I am trying to set up SSL/TLM.
   
   
   
   
    --
    Sent from: https://urldefense.proofpoint.com/v2/url?u=http-3A__lucene.472066.n3.nabble.com_Solr-2DUser-2Df472068.html&d=DwIFaQ&c=gtIjdLs6LnStUpy9cTOW9w&r=0SwsmPELGv6GC1_5JSQ9T7ZPMLljrIkbF_2jBCrKXI0&m=rnbRtumEySeUlFWuHX0AE4JO-I9o94nUnAfkrNPaAss&s=ex4KC7OKX1YMFfDWsANRffjk8DLl0SES-X04KWZzowg&e=
   

Reply | Threaded
Open this post in threaded view
|

Re: unable to find valid certification path to requested target

R Chander
 Hi Jeremy,
First of all, I want to thank you for helping me yesterday.  The issue is resolved now and I am able to index documents using Norconex Committer.  One issue that I am still running into is that I can run Solr admin using https://localhost:8983 but when I instead try accessing through https://mydomainname:8983, Chrome is giving me the error NET: ERR_CERT_COMMON_NAME_INVALID.  In my keystore file, I have used mydomainname as the CN.  Do you have any suggestions?  
Thanks again,
Joseph
    On Monday, April 1, 2019, 10:13:59 a.m. EDT, Branham, Jeremy (Experis) <[hidden email]> wrote:  
 
 Hi Joseph –
I don’t think this is a Solr issue. It sounds like your http crawling process doesn’t trust the cert that Solr is using.

Looks like you’re on the right track here – [I stumbled onto your post at Github]
https://github.com/Norconex/collector-http/issues/581

 
Jeremy Branham
[hidden email]

On 3/31/19, 9:26 PM, "JTytler" <[hidden email]> wrote:

    I have created a keystore file and have enabled SSL on my solr server using
    the following  procedures:
   
    1) Created pkcs#12 file using the command:
    Keytool –genkey –alias aliasname –keystore /solr-ssl.keystore.pfx –storetype
    PKCS12 –keyalg RSA –storepass password –ext
    SAN=dns:localhost,dns:solr-devapp01.devt1.restOfDomain –validity 730
    –keysize 2048
   
    2) Imported the pkcs keystore file into Trusted Root Certification Authority
   
    3) Copied the pkcs file solr-ssl.keystore.pfx to the solr /server/etc folder
   
    4) Modified solr.in.cmd file with the following:
   
    set SOLR_SSL_ENABLED=true
    set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.pfx
    set SOLR_SSL_KEY_STORE_PASSWORD=secret
    set SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.pfx
    set SOLR_SSL_TRUST_STORE_PASSWORD=secret
   
    set SOLR_SSL_NEED_CLIENT_AUTH=false
    set SOLR_SSL_WANT_CLIENT_AUTH=false
    set SOLR_SSL_KEY_STORE_TYPE=PKCS12
    set SOLR_SSL_TRUST_STORE_TYPE=PKCS12
   
   
    I can access the Solr admin at https://urldefense.proofpoint.com/v2/url?u=https-3A__localhost-3A8983_solr&d=DwIFaQ&c=gtIjdLs6LnStUpy9cTOW9w&r=0SwsmPELGv6GC1_5JSQ9T7ZPMLljrIkbF_2jBCrKXI0&m=rnbRtumEySeUlFWuHX0AE4JO-I9o94nUnAfkrNPaAss&s=F7YCAJHvVKTe_QYZF14Rwcodu9JysDyVLVOzvLfc2l4&e= and can also
    crawl websites using Norconex httpcrawler.  However, after the documents
    are crawled, I am unable to commit the crawled documents into the Solr
    index.  I get the error "unable to find valid certification path to
    requested target". 
   
    I will appreciate if someone can help me with this as this is the first time
    I am trying to set up SSL/TLM.
   
   
   
   
    --
    Sent from: https://urldefense.proofpoint.com/v2/url?u=http-3A__lucene.472066.n3.nabble.com_Solr-2DUser-2Df472068.html&d=DwIFaQ&c=gtIjdLs6LnStUpy9cTOW9w&r=0SwsmPELGv6GC1_5JSQ9T7ZPMLljrIkbF_2jBCrKXI0&m=rnbRtumEySeUlFWuHX0AE4JO-I9o94nUnAfkrNPaAss&s=ex4KC7OKX1YMFfDWsANRffjk8DLl0SES-X04KWZzowg&e=