https://connect.hyland.com/t5/alfresco-forum/solr-tracker-sslhandshakeexception/m-p/4812#M2247 <HTML><HEAD></HEAD><BODY><P>Alfresco ships with its own client cert that is used by the SOLR server to authenticate requests coming from Alfresco. The log messages you are seeing indicate that something is wrong with the client certificate that Alfresco and SOLR are using.</P><P></P><P>This setup depends on Tomcat config and a keystore that, by default, resides in the alf_data directory.</P><P></P><P>Did you install using the installer?</P><P>Is your keystore directory where Alfresco expects?</P><P>Did you make any changes to Tomcat's server.xml or other Tomcat config?</P><P>Did you re-generate the SOLR SSL Certificate? If so, did you change the certificate's DN? If so, did you make the same change in the Tomcat config?</P><P>Did you make any changes to the Solr cores or their configuration (they also point to the keystore)?</P></BODY></HTML> Fri, 03 Feb 2017 16:31:33 GMT jpotts 2017-02-03T16:31:33Z https://connect.hyland.com/t5/alfresco-forum/solr-tracker-sslhandshakeexception/m-p/4811#M2246 The site is up and working for 5.1.g. However, the catalina.out log is peppered with gigabytes of the following:2017-02-02 16:17:30,049 ERROR [solr.tracker.AbstractTracker] [SolrTrackerScheduler_Worker-17] Tracking failedjavax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: Thu, 02 Feb 2017 22:22:46 GMT https://connect.hyland.com/t5/alfresco-forum/solr-tracker-sslhandshakeexception/m-p/4811#M2246 garbetsp 2017-02-02T22:22:46Z https://connect.hyland.com/t5/alfresco-forum/solr-tracker-sslhandshakeexception/m-p/4812#M2247 <HTML><HEAD></HEAD><BODY><P>Alfresco ships with its own client cert that is used by the SOLR server to authenticate requests coming from Alfresco. The log messages you are seeing indicate that something is wrong with the client certificate that Alfresco and SOLR are using.</P><P></P><P>This setup depends on Tomcat config and a keystore that, by default, resides in the alf_data directory.</P><P></P><P>Did you install using the installer?</P><P>Is your keystore directory where Alfresco expects?</P><P>Did you make any changes to Tomcat's server.xml or other Tomcat config?</P><P>Did you re-generate the SOLR SSL Certificate? If so, did you change the certificate's DN? If so, did you make the same change in the Tomcat config?</P><P>Did you make any changes to the Solr cores or their configuration (they also point to the keystore)?</P></BODY></HTML> Fri, 03 Feb 2017 16:31:33 GMT https://connect.hyland.com/t5/alfresco-forum/solr-tracker-sslhandshakeexception/m-p/4812#M2247 jpotts 2017-02-03T16:31:33Z https://connect.hyland.com/t5/alfresco-forum/solr-tracker-sslhandshakeexception/m-p/4813#M2248 <HTML><HEAD></HEAD><BODY><P style="color: #727174; background-color: #ffffff; border: 0px;">&gt; Did you install using the installer?&nbsp;</P><P style="color: #727174; background-color: #ffffff; border: 0px;">Yes</P><P style="color: #727174; background-color: #ffffff; border: 0px;">&gt; Is your keystore directory where Alfresco expects?</P><P style="color: #727174; background-color: #ffffff; border: 0px;">Yes</P><P style="color: #727174; background-color: #ffffff; border: 0px;">&gt; Did you make any changes to Tomcat's server.xml or other Tomcat config?</P><P style="color: #727174; background-color: #ffffff; border: 0px;">Yes, I installed my own keystore with my own SSL certification issued by a provided we're required to use. Further, I set it up to use 8443 for connections which was also required by our organization's network team. I noticed that SOLR used 8443, but that was via localhost.</P><P style="color: #727174; background-color: #ffffff; border: 0px;">&gt; Did you re-generate the SOLR SSL Certificate? If so, did you change the certificate's DN? If so, did you make the same change in the Tomcat config?</P><P style="color: #727174; background-color: #ffffff; border: 0px;">I did not.</P><P style="color: #727174; background-color: #ffffff; border: 0px;">&gt; Did you make any changes to the Solr cores or their configuration (they also point to the keystore)?</P><P style="color: #727174; background-color: #ffffff; border: 0px;">No</P><P style="color: #727174; background-color: #ffffff; border: 0px;"></P><P style="color: #727174; background-color: #ffffff; border: 0px;">Can I just take the existing Alfresco keystore and add my cert to that?&nbsp;I think this is the root of the problem.</P></BODY></HTML> Fri, 03 Feb 2017 17:12:15 GMT https://connect.hyland.com/t5/alfresco-forum/solr-tracker-sslhandshakeexception/m-p/4813#M2248 garbetsp 2017-02-03T17:12:15Z https://connect.hyland.com/t5/alfresco-forum/solr-tracker-sslhandshakeexception/m-p/4814#M2249 <HTML><HEAD></HEAD><BODY><P>You could try adding your cert to the keystore. Far better would be to create a new Connector that is listening on 443 and use that for external connections hitting the server, or even better would be to install an HTTP server with mod_ajp and use that to handle SSL, which is the best and most common practice.</P><P></P><P>If you are going to use your own cert for SOLR, you have to edit tomcat-users.xml and set the cert DN.</P><P></P><P>You should also look at this doc which talks about how SOLR security is set up: <A class="link-titled" href="http://docs.alfresco.com/5.0/concepts/solrsecurity-intro.html" title="http://docs.alfresco.com/5.0/concepts/solrsecurity-intro.html" rel="nofollow noopener noreferrer">Solr 4 security | Alfresco Documentation</A>&nbsp;</P></BODY></HTML> Fri, 03 Feb 2017 17:43:44 GMT https://connect.hyland.com/t5/alfresco-forum/solr-tracker-sslhandshakeexception/m-p/4814#M2249 jpotts 2017-02-03T17:43:44Z https://connect.hyland.com/t5/alfresco-forum/solr-tracker-sslhandshakeexception/m-p/4815#M2250 <HTML><HEAD></HEAD><BODY><P>I ripped all certs out of Alfresco config and put Nginx in front of it. That was a lot smoother and cleaner.&nbsp;</P></BODY></HTML> Mon, 06 Feb 2017 16:54:37 GMT https://connect.hyland.com/t5/alfresco-forum/solr-tracker-sslhandshakeexception/m-p/4815#M2250 garbetsp 2017-02-06T16:54:37Z