Hyland Connect

marius_dumitrac · ‎09-09-2019

Hi guys,

I've installed Alfresco 6.1 with SOLR6 and the connection between Alfresco and SOLR does not work.

I have the following configuration (everything on the same machine): CentOS 7, PostgreSQL 11, Tomcat 8 and NGINX.

I've followed the setup guide and generated the certificates for SOLR and Alfresco (from here: Generating secure keys for SSL communication | Alfresco Documentation ).

Here are the details:

1. alfresco-global.properties

# SOLR Config
solr.secureComms=https
index.subsystem.name=solr6
solr.port=8983
solr.host=nginx
solr.base.url=/solr
solr.port.ssl=8984
# SSL Encription
encryption.ssl.keystore.location=${dir.keystore}/ssl.keystore
encryption.ssl.keystore.type=JCEKS
encryption.ssl.keystore.keyMetaData.location=${dir.keystore}/ssl-keystore-passwords.properties
encryption.ssl.truststore.location=${dir.keystore}/ssl.truststore
encryption.ssl.truststore.type=JCEKS
encryption.ssl.truststore.keyMetaData.location=${dir.keystore}/ssl-truststore-passwords.properties
# Secret key config
encryption.keystore.location=${dir.keystore}/keystore
encryption.keystore.keyMetaData.location=${dir.keystore}/keystore-passwords.properties
encryption.keystore.type=JCEKS

2. server.xml (tomcat)

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
SSLEnabled="true" maxThreads="150" scheme="https"
keystoreFile="/opt/alfresco/alf_data/keystore/ssl.keystore"
keystorePass="password"
keystoreType="JCEKS"
secure="true" connectionTimeout="240000"
truststoreFile="/opt/alfresco/alf_data/keystore/ssl.truststore"
truststorePass="password"
truststoreType="JCEKS"
clientAuth="want" sslProtocol="TLS" />

3. solecore.properties (<SEARCH_HOME>/solrhome/templates/rerank/conf)

#
# Properties loaded during alfresco tracking
#
alfresco.host=nginx
alfresco.port=8080
alfresco.port.ssl=8443
alfresco.baseUrl=/alfresco
# encryption
alfresco.secureComms=https
# ssl
alfresco.encryption.ssl.keystore.type=JCEKS
alfresco.encryption.ssl.keystore.provider=
alfresco.encryption.ssl.keystore.location=/opt/search/solrhome/keystore/ssl.repo.client.keystore
alfresco.encryption.ssl.keystore.passwordFileLocation=/opt/search/solrhome/keystore/ssl-keystore-passwords.properties
alfresco.encryption.ssl.truststore.type=JCEKS
alfresco.encryption.ssl.truststore.provider=
alfresco.encryption.ssl.truststore.location=/opt/search/solrhome/keystore/ssl.repo.client.truststore
alfresco.encryption.ssl.truststore.passwordFileLocation=/opt/search/solrhome/keystore/ssl-truststore-passwords.properties

Alfresco is starting fine, but the search is not working and in logs I have the following errors:

1. catalina.out

2019-09-06 18:04:14,690 WARN [scripts.servlet.X509ServletFilterBase] [localhost-startStop-1] clientAuth does not appear to be set for Tomcat. clientAuth m
ust be set to 'want' for X509 Authentication
2019-09-06 18:04:14,690 WARN [scripts.servlet.X509ServletFilterBase] [localhost-startStop-1] Attempting to set clientAuth=want through JMX...
2019-09-06 18:04:14,692 WARN [scripts.servlet.X509ServletFilterBase] [localhost-startStop-1] Setting clientAuth=want on MBean:Catalina:type=ProtocolHandle
r,port=8443
06-Sep-2019 18:04:20.766 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/opt/tomcat8/w
ebapps/alfresco.war] has finished in [143,097] ms
...........
2019-09-06 18:05:34,817 ERROR [extensions.webscripts.AbstractRuntime] [http-nio-8080-exec-3] Exception from executeScript: 08060000 Wrapped Exception (with status template): 08060021 Failed to execute script 'classpath*:alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/doclist.get.js': 08060020 Failed to execute search: +@cm\:modified:[2019\-8\-30T00\:00\:00.000 TO 2019\-9\-6T23\:59\:59.999] +@cm\:modifier:"admin" +TYPE:"cm:content" -TYPE:"cm:systemfolder" -TYPE:"fm:forums" -TYPE:"fm:forum" -TYPE:"fm:topic" -TYPE:"fmost" +(TYPE:"content" OR TYPE:"app:filelink" OR TYPE:"folder")
org.springframework.extensions.webscripts.WebScriptException: 08060000 Wrapped Exception (with status template): 08060021 Failed to execute script 'classpath*:alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/doclist.get.js': 08060020 Failed to execute search: +@cm\:modified:[2019\-8\-30T00\:00\:00.000 TO 2019\-9\-6T23\:59\:59.999] +@cm\:modifier:"admin" +TYPE:"cm:content" -TYPE:"cm:systemfolder" -TYPE:"fm:forums" -TYPE:"fm:forum" -TYPE:"fm:topic" -TYPE:"fmost" +(TYPE:"content" OR TYPE:"app:filelink" OR TYPE:"folder")
at org.springframework.extensions.webscripts.AbstractWebScript.createStatusException(AbstractWebScript.java:1139)
at org.springframework.extensions.webscripts.DeclarativeWebScript.execute(DeclarativeWebScript.java:171)
at org.alfresco.repo.web.scripts.RepositoryContainer$3.execute(RepositoryContainer.java:512)
at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:450)
at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecute(RepositoryContainer.java:587)
at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecuteAs(RepositoryContainer.java:656)
at org.alfresco.repo.web.scripts.RepositoryContainer.executeScriptInternal(RepositoryContainer.java:428)
at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:308)
at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:399)
at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:210)
at org.springframework.extensions.webscripts.servlet.WebScriptServlet.service(WebScriptServlet.java:132)
at org.alfresco.repo.web.scripts.AlfrescoWebScriptServlet.service(AlfrescoWebScriptServlet.java:43)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.alfresco.module.aosmodule.service.ContextRootFilter.doFilter(ContextRootFilter.java:93)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:68)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.alfresco.web.app.servlet.ClearSecurityContextFilter.doFilter(ClearSecurityContextFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: org.alfresco.scripts.ScriptException: 08060021 Failed to execute script 'classpath*:alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/doclist.get.js': 08060020 Failed to execute search: +@cm\:modified:[2019\-8\-30T00\:00\:00.000 TO 2019\-9\-6T23\:59\:59.999] +@cm\:modifier:"admin" +TYPE:"cm:content" -TYPE:"cm:systemfolder" -TYPE:"fm:forums" -TYPE:"fm:forum" -TYPE:"fm:topic" -TYPE:"fmost" +(TYPE:"content" OR TYPE:"app:filelink" OR TYPE:"folder")
at org.alfresco.repo.jscript.RhinoScriptProcessor.execute(RhinoScriptProcessor.java:211)
at org.alfresco.repo.processor.ScriptServiceImpl.execute(ScriptServiceImpl.java:219)
at org.alfresco.repo.processor.ScriptServiceImpl.executeScript(ScriptServiceImpl.java:181)
at org.alfresco.repo.web.scripts.RepositoryScriptProcessor.executeScript(RepositoryScriptProcessor.java:109)
at org.springframework.extensions.webscripts.AbstractWebScript.executeScript(AbstractWebScript.java:1376)
at org.springframework.extensions.webscripts.DeclarativeWebScript.execute(DeclarativeWebScript.java:86)
... 42 more
Caused by: org.alfresco.error.AlfrescoRuntimeException: 08060020 Failed to execute search: +@cm\:modified:[2019\-8\-30T00\:00\:00.000 TO 2019\-9\-6T23\:59\:59.999] +@cm\:modifier:"admin" +TYPE:"cm:content" -TYPE:"cm:systemfolder" -TYPE:"fm:forums" -TYPE:"fm:forum" -TYPE:"fm:topic" -TYPE:"fmost" +(TYPE:"content" OR TYPE:"app:filelink" OR TYPE:"folder")
at org.alfresco.repo.jscript.Search.queryResultMeta(Search.java:1127)
at org.alfresco.repo.jscript.Search.queryResultSet(Search.java:819)
at org.alfresco.repo.jscript.Search.query(Search.java:560)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
at org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:225)
at org.mozilla.javascript.optimizer.OptRuntime.call1(OptRuntime.java:32)
at org.mozilla.javascript.gen.classpath__alfresco_templates_webscripts_org_alfresco_slingshot_documentlibrary_doclist_get_js_6._c_getDoclist_20(classpath*:alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/doclist.get.js:1127)
at org.mozilla.javascript.gen.classpath__alfresco_templates_webscripts_org_alfresco_slingshot_documentlibrary_doclist_get_js_6.call(classpath*:alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/doclist.get.js)
at org.mozilla.javascript.optimizer.OptRuntime.callName0(OptRuntime.java:74)
at org.mozilla.javascript.gen.classpath__alfresco_templates_webscripts_org_alfresco_slingshot_documentlibrary_doclist_get_js_6._c_script_0(classpath*:alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/doclist.get.js:1352)
at org.mozilla.javascript.gen.classpath__alfresco_templates_webscripts_org_alfresco_slingshot_documentlibrary_doclist_get_js_6.call(classpath*:alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/doclist.get.js)
at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:405)
at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3508)
at org.mozilla.javascript.gen.classpath__alfresco_templates_webscripts_org_alfresco_slingshot_documentlibrary_doclist_get_js_6.call(classpath*:alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/doclist.get.js)
at org.mozilla.javascript.gen.classpath__alfresco_templates_webscripts_org_alfresco_slingshot_documentlibrary_doclist_get_js_6.exec(classpath*:alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/doclist.get.js)
at org.alfresco.repo.jscript.RhinoScriptProcessor.executeScriptImpl(RhinoScriptProcessor.java:509)
at org.alfresco.repo.jscript.RhinoScriptProcessor.execute(RhinoScriptProcessor.java:207)
... 47 more
Caused by: org.alfresco.repo.search.impl.lucene.LuceneQueryParserException: 08060019
at org.alfresco.repo.search.impl.solr.SolrQueryHTTPClient.executeQuery(SolrQueryHTTPClient.java:598)
at org.alfresco.repo.search.impl.solr.SolrQueryLanguage.executeQuery(SolrQueryLanguage.java:52)
at org.alfresco.repo.search.impl.solr.SolrSearchService.query(SolrSearchService.java:354)
at org.alfresco.repo.search.SearcherComponent.query(SearcherComponent.java:84)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.alfresco.repo.management.subsystems.SubsystemProxyFactory$1.invoke(SubsystemProxyFactory.java:79)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)
at com.sun.proxy.$Proxy36.query(Unknown Source)
at org.alfresco.repo.search.impl.SearchServiceSubSystemDelegator.query(SearchServiceSubSystemDelegator.java:133)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:80)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:53)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:166)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:294)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:98)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)
at com.sun.proxy.$Proxy36.query(Unknown Source)
at org.alfresco.repo.jscript.Search.queryResultMeta(Search.java:1016)
... 67 more
Caused by: java.net.ConnectException: Connection refused (Connection refused)
at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
at java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399)
at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242)
at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224)
at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:403)
at java.base/java.net.Socket.connect(Socket.java:591)
at java.base/sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:285)
at java.base/sun.security.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:190)
at java.base/sun.security.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:153)
at org.alfresco.encryption.ssl.AuthSSLProtocolSocketFactory.createSocket(AuthSSLProtocolSocketFactory.java:168)
at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
at org.alfresco.repo.search.impl.solr.AbstractSolrQueryHTTPClient.postQuery(AbstractSolrQueryHTTPClient.java:66)
at org.alfresco.repo.search.impl.solr.SolrQueryHTTPClient.postSolrQuery(SolrQueryHTTPClient.java:1116)
at org.alfresco.repo.search.impl.solr.SolrQueryHTTPClient.executeQuery(SolrQueryHTTPClient.java:583)
... 98 more
06-Sep-2019 18:06:07.450 INFO [http-nio-8080-exec-5] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986
at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:490)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:684)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)

2. solr.log

2019-09-06 15:01:20.031 WARN (org.alfresco.solr.AlfrescoCoreAdminHandler@7b60c3e_Worker-13) [ ] o.a.s.t.AbstractTracker Tracking communication timed out f
or AclTracker - archive
2019-09-06 15:04:22.811 ERROR (org.alfresco.solr.AlfrescoCoreAdminHandler@7b60c3e_Worker-31) [ ] o.a.s.t.AbstractTracker Tracking failed for AclTracker - a
lfresco
javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust an
chors
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:259)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:642)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:461)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:361)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:450)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:427)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:178)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:716)
at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:970)
at java.base/java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:81)
at java.base/java.io.BufferedOutputStream.flush(BufferedOutputStream.java:142)
at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.flushRequestOutputStream(MultiThreadedHttpConnectionManager
.java:1565)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
at org.alfresco.httpclient.AbstractHttpClient.executeMethod(AbstractHttpClient.java:135)
at org.alfresco.httpclient.AbstractHttpClient.sendRemoteRequest(AbstractHttpClient.java:111)
at org.alfresco.httpclient.HttpClientFactory$HttpsClient.sendRequest(HttpClientFactory.java:408)
at org.alfresco.solr.client.SOLRAPIClient.getAclChangeSets(SOLRAPIClient.java:166)
at org.alfresco.solr.tracker.AclTracker.getSomeAclChangeSets(AclTracker.java:427)
at org.alfresco.solr.tracker.AclTracker.trackAclChangeSets(AclTracker.java:655)
at org.alfresco.solr.tracker.AclTracker.trackRepository(AclTracker.java:307)
at org.alfresco.solr.tracker.AclTracker.doTrack(AclTracker.java:95)
at org.alfresco.solr.tracker.AbstractTracker.track(AbstractTracker.java:215)
at org.alfresco.solr.tracker.TrackerJob.execute(TrackerJob.java:47)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
at java.base/sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:350)
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:259)
at java.base/sun.security.validator.Validator.validate(Validator.java:264)
at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:222)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:626)
... 34 more
Caused by: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:154)
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:80)
at java.base/java.security.cert.CertPathValidator.validate(CertPathValidator.java:309)
at java.base/sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:345)
... 40 more

What can I do to solve this (I've already re-generated the certificates with the same result).

Thanks,

Marius

marius_dumitrac · ‎09-11-2019

Hi guys,

Found the problem. It was on the alfresco-global.properies file. More exactly, by mistake the Solr settings were:

solr.secureComms=https
index.subsystem.name=solr6
solr.port=8983
solr.host=nginx
solr.base.url=/solr
solr.port.ssl=8984

But the solr was started onn port 8983, thus the " Connection refused " error.

I've put ssl port to 8983 and restart both tomcat and solr annd everything works now.

Thanks Agel for support.

View answer in original post

angelborroy · ‎09-09-2019

How did you started SOLR?

It looks like some JVM parameters are missing.

Take a look at SearchServices/search-services at master · Alfresco/SearchServices · GitHub

Hyland Developer Evangelist

marius_dumitrac · ‎09-09-2019

Hi Angel,

First time I've started the SOLR using the following command (to initialise the cores):

./solr/bin/solr start -a "-Djavax.net.ssl.keyStoreType=JCEKS -Djavax.net.ssl.trustStoreType=JCEKS -Dsolr.ssl.checkPeerName=false -Dcreate.alfresco.defaults=alfresco,archive"

But I found out in the logs that the path to keystore was not trusted so, after I've deleted the folders alfresco and archive from <SOLR_HOME>/solrhome folder, I've re-run the command adding the "-Dsolr.allow.unsafe.resourceloading=true" option (which I see is also what the link you send me recommends) but with the same results (still get the errors in alfresco and solr logs).

Thanks,

Marius

angelborroy · ‎09-09-2019

It looks like SOLR truststore does not contain Alfresco certificate.

Did you copy the right file to /opt/search/solrhome/keystore/ssl.repo.client.truststore?

Hyland Developer Evangelist

marius_dumitrac · ‎09-10-2019

Hi Angel,

I've checked and all the files from the folder where I've run the tool to generate the certificates are copied in the respective folders. That is:

<SOLR_HOME>/solrhome/templates/rerank/conf contains the following files:
- ssl.repo.client.keystore
- ssl.repo.client.truststore
- ssl-keystore-passwords.properties
- ssl.truststore-passwords.properties
<SOLR_HOME>/solrhome/keystore:
- ssl.repo.client.keystore
- ssl.repo.client.truststore
- ssl-keystore-passwords.properties
- ssl.truststore-passwords.properties

The above files where copied in the location for the <SSL_TOOL>/keystores/solr

<ALFRESCO_HOME>/alf_data/keystore:
- keystore
- keystore-passwords.properties
- ssl-keystore-passwords.properties
- ssl-truststore-passwords.properties
- ssl.keystore
- ssl.truststore

The above files where copied in the location for the <SSL_TOOL>/keystores/alfresco

The command used to generate the certificates was

./run.sh -alfrescoversion "community" -keysize 2048 -keystorepass "password" -truststorepass “password”

Also I've reset the SOLR index (erase the files in <SOLR_HOME>/solrhome/[alfresco|archive]/index, <SOLR_HOME>/solrhome/alfrescoModels and <SOLR_HOME>/contentstore and set index.recovery.mode=FULL in alfresco-global.properties) but the result remains the same.

Any other ideas on what can I do (apart from rebuild the certificates) ?

Thanks,

Marius

angelborroy · ‎09-10-2019

Step 1 is wrong, if you had your cores created.

Once the cores are created, configuration is not copied from <SOLR_HOME>/solrhome/templates/rerank/conf

You need to add the keystore and truststore files to every core configuration folder:

* <SOLR_HOME>/solrhome/alfresco/conf

* <SOLR_HOME>/solrhome/archive/conf

Hyland Developer Evangelist

angelborroy · ‎09-10-2019

I've created a sample project with your configuration.

Available at GitHub - aborroy/alfresco-mtls-sample-docker: Sample for MTLs with Alfresco Docker Compose

Hyland Developer Evangelist

marius_dumitrac · ‎09-11-2019

Hi guys,

Found the problem. It was on the alfresco-global.properies file. More exactly, by mistake the Solr settings were:

solr.secureComms=https
index.subsystem.name=solr6
solr.port=8983
solr.host=nginx
solr.base.url=/solr
solr.port.ssl=8984

But the solr was started onn port 8983, thus the " Connection refused " error.

I've put ssl port to 8983 and restart both tomcat and solr annd everything works now.

Thanks Agel for support.

gb123alf2 · ‎06-18-2020

Its actually not your fault. The documentation at : https://docs.alfresco.com/search-enterprise/tasks/keys-setup.html says you put solr.port.ssl=8984. Thats actually not correct unless you change your solr.in.sh accordingly.

Hyland Connect

Alfresco Search (SOLR6) does not work