Alfresco Search (SOLR6) does not work

marius_dumitrac
Confirmed Champ

Hi guys,

I've installed Alfresco 6.1 with SOLR6 and the connection between Alfresco and SOLR does not work.

I have the following configuration (everything on the same machine): CentOS 7, PostgreSQL 11, Tomcat 8 and NGINX.

I've followed the setup guide and generated the certificates for SOLR and Alfresco (from here: Generating secure keys for SSL communication | Alfresco Documentation ).

Here are the details:

1. alfresco-global.properties

# SOLR Config
solr.secureComms=https

index.subsystem.name=solr6
solr.port=8983
solr.host=nginx
solr.base.url=/solr
solr.port.ssl=8984

# SSL Encription
encryption.ssl.keystore.location=${dir.keystore}/ssl.keystore
encryption.ssl.keystore.type=JCEKS
encryption.ssl.keystore.keyMetaData.location=${dir.keystore}/ssl-keystore-passwords.properties
encryption.ssl.truststore.location=${dir.keystore}/ssl.truststore
encryption.ssl.truststore.type=JCEKS
encryption.ssl.truststore.keyMetaData.location=${dir.keystore}/ssl-truststore-passwords.properties

# Secret key config
encryption.keystore.location=${dir.keystore}/keystore
encryption.keystore.keyMetaData.location=${dir.keystore}/keystore-passwords.properties
encryption.keystore.type=JCEKS

2. server.xml (tomcat)

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
SSLEnabled="true" maxThreads="150" scheme="https"
keystoreFile="/opt/alfresco/alf_data/keystore/ssl.keystore"
keystorePass="password"
keystoreType="JCEKS"
secure="true" connectionTimeout="240000"
truststoreFile="/opt/alfresco/alf_data/keystore/ssl.truststore"
truststorePass="password"
truststoreType="JCEKS"
clientAuth="want" sslProtocol="TLS" />

3. solrcore.properties (<SEARCH_HOME>/solrhome/templates/rerank/conf)

#
# Properties loaded during alfresco tracking
#

alfresco.host=nginx
alfresco.port=8080
alfresco.port.ssl=8443
alfresco.baseUrl=/alfresco

# encryption

alfresco.secureComms=https

# ssl
alfresco.encryption.ssl.keystore.type=JCEKS
alfresco.encryption.ssl.keystore.provider=
alfresco.encryption.ssl.keystore.location=/opt/search/solrhome/keystore/ssl.repo.client.keystore
alfresco.encryption.ssl.keystore.passwordFileLocation=/opt/search/solrhome/keystore/ssl-keystore-passwords.properties
alfresco.encryption.ssl.truststore.type=JCEKS
alfresco.encryption.ssl.truststore.provider=
alfresco.encryption.ssl.truststore.location=/opt/search/solrhome/keystore/ssl.repo.client.truststore
alfresco.encryption.ssl.truststore.passwordFileLocation=/opt/search/solrhome/keystore/ssl-truststore-passwords.properties

Alfresco is starting fine, but the search is not working and in logs I have the following errors:

1. catalina.out

2019-09-06 18:04:14,690 WARN [scripts.servlet.X509ServletFilterBase] [localhost-startStop-1] clientAuth does not appear to be set for Tomcat. clientAuth must be set to 'want' for X509 Authentication
2019-09-06 18:04:14,690 WARN [scripts.servlet.X509ServletFilterBase] [localhost-startStop-1] Attempting to set clientAuth=want through JMX...
2019-09-06 18:04:14,692 WARN [scripts.servlet.X509ServletFilterBase] [localhost-startStop-1] Setting clientAuth=want on MBean:Catalina:type=ProtocolHandler,port=8443
06-Sep-2019 18:04:20.766 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/opt/tomcat8/webapps/alfresco.war] has finished in [143,097] ms

...........

2019-09-06 18:05:34,817 ERROR [extensions.webscripts.AbstractRuntime] [http-nio-8080-exec-3] Exception from executeScript: 08060000 Wrapped Exception (with status template): 08060021 Failed to execute script 'classpath*:alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/doclist.get.js': 08060020 Failed to execute search: +@cm\:modified:[2019\-8\-30T00\:00\:00.000 TO 2019\-9\-6T23\:59\:59.999] +@cm\:modifier:"admin" +TYPE:"cm:content" -TYPE:"cm:systemfolder" -TYPE:"fm:forums" -TYPE:"fm:forum" -TYPE:"fm:topic" -TYPE:"fm:post" +(TYPE:"content" OR TYPE:"app:filelink" OR TYPE:"folder")
org.springframework.extensions.webscripts.WebScriptException: 08060000 Wrapped Exception (with status template): 08060021 Failed to execute script 'classpath*:alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/doclist.get.js': 08060020 Failed to execute search: +@cm\:modified:[2019\-8\-30T00\:00\:00.000 TO 2019\-9\-6T23\:59\:59.999] +@cm\:modifier:"admin" +TYPE:"cm:content" -TYPE:"cm:systemfolder" -TYPE:"fm:forums" -TYPE:"fm:forum" -TYPE:"fm:topic" -TYPE:"fm:post" +(TYPE:"content" OR TYPE:"app:filelink" OR TYPE:"folder")
at org.springframework.extensions.webscripts.AbstractWebScript.createStatusException(AbstractWebScript.java:1139)
at org.springframework.extensions.webscripts.DeclarativeWebScript.execute(DeclarativeWebScript.java:171)
at org.alfresco.repo.web.scripts.RepositoryContainer$3.execute(RepositoryContainer.java:512)
at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:450)
at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecute(RepositoryContainer.java:587)
at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecuteAs(RepositoryContainer.java:656)
at org.alfresco.repo.web.scripts.RepositoryContainer.executeScriptInternal(RepositoryContainer.java:428)
at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:308)
at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:399)
at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:210)
at org.springframework.extensions.webscripts.servlet.WebScriptServlet.service(WebScriptServlet.java:132)
at org.alfresco.repo.web.scripts.AlfrescoWebScriptServlet.service(AlfrescoWebScriptServlet.java:43)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.alfresco.module.aosmodule.service.ContextRootFilter.doFilter(ContextRootFilter.java:93)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:68)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.alfresco.web.app.servlet.ClearSecurityContextFilter.doFilter(ClearSecurityContextFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: org.alfresco.scripts.ScriptException: 08060021 Failed to execute script 'classpath*:alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/doclist.get.js': 08060020 Failed to execute search: +@cm\:modified:[2019\-8\-30T00\:00\:00.000 TO 2019\-9\-6T23\:59\:59.999] +@cm\:modifier:"admin" +TYPE:"cm:content" -TYPE:"cm:systemfolder" -TYPE:"fm:forums" -TYPE:"fm:forum" -TYPE:"fm:topic" -TYPE:"fm:post" +(TYPE:"content" OR TYPE:"app:filelink" OR TYPE:"folder")
at org.alfresco.repo.jscript.RhinoScriptProcessor.execute(RhinoScriptProcessor.java:211)
at org.alfresco.repo.processor.ScriptServiceImpl.execute(ScriptServiceImpl.java:219)
at org.alfresco.repo.processor.ScriptServiceImpl.executeScript(ScriptServiceImpl.java:181)
at org.alfresco.repo.web.scripts.RepositoryScriptProcessor.executeScript(RepositoryScriptProcessor.java:109)
at org.springframework.extensions.webscripts.AbstractWebScript.executeScript(AbstractWebScript.java:1376)
at org.springframework.extensions.webscripts.DeclarativeWebScript.execute(DeclarativeWebScript.java:86)
... 42 more
Caused by: org.alfresco.error.AlfrescoRuntimeException: 08060020 Failed to execute search: +@cm\:modified:[2019\-8\-30T00\:00\:00.000 TO 2019\-9\-6T23\:59\:59.999] +@cm\:modifier:"admin" +TYPE:"cm:content" -TYPE:"cm:systemfolder" -TYPE:"fm:forums" -TYPE:"fm:forum" -TYPE:"fm:topic" -TYPE:"fm:post" +(TYPE:"content" OR TYPE:"app:filelink" OR TYPE:"folder")
at org.alfresco.repo.jscript.Search.queryResultMeta(Search.java:1127)
at org.alfresco.repo.jscript.Search.queryResultSet(Search.java:819)
at org.alfresco.repo.jscript.Search.query(Search.java:560)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
at org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:225)
at org.mozilla.javascript.optimizer.OptRuntime.call1(OptRuntime.java:32)
at org.mozilla.javascript.gen.classpath__alfresco_templates_webscripts_org_alfresco_slingshot_documentlibrary_doclist_get_js_6._c_getDoclist_20(classpath*:alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/doclist.get.js:1127)
at org.mozilla.javascript.gen.classpath__alfresco_templates_webscripts_org_alfresco_slingshot_documentlibrary_doclist_get_js_6.call(classpath*:alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/doclist.get.js)
at org.mozilla.javascript.optimizer.OptRuntime.callName0(OptRuntime.java:74)
at org.mozilla.javascript.gen.classpath__alfresco_templates_webscripts_org_alfresco_slingshot_documentlibrary_doclist_get_js_6._c_script_0(classpath*:alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/doclist.get.js:1352)
at org.mozilla.javascript.gen.classpath__alfresco_templates_webscripts_org_alfresco_slingshot_documentlibrary_doclist_get_js_6.call(classpath*:alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/doclist.get.js)
at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:405)
at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3508)
at org.mozilla.javascript.gen.classpath__alfresco_templates_webscripts_org_alfresco_slingshot_documentlibrary_doclist_get_js_6.call(classpath*:alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/doclist.get.js)
at org.mozilla.javascript.gen.classpath__alfresco_templates_webscripts_org_alfresco_slingshot_documentlibrary_doclist_get_js_6.exec(classpath*:alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/doclist.get.js)
at org.alfresco.repo.jscript.RhinoScriptProcessor.executeScriptImpl(RhinoScriptProcessor.java:509)
at org.alfresco.repo.jscript.RhinoScriptProcessor.execute(RhinoScriptProcessor.java:207)
... 47 more
Caused by: org.alfresco.repo.search.impl.lucene.LuceneQueryParserException: 08060019
at org.alfresco.repo.search.impl.solr.SolrQueryHTTPClient.executeQuery(SolrQueryHTTPClient.java:598)
at org.alfresco.repo.search.impl.solr.SolrQueryLanguage.executeQuery(SolrQueryLanguage.java:52)
at org.alfresco.repo.search.impl.solr.SolrSearchService.query(SolrSearchService.java:354)
at org.alfresco.repo.search.SearcherComponent.query(SearcherComponent.java:84)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.alfresco.repo.management.subsystems.SubsystemProxyFactory$1.invoke(SubsystemProxyFactory.java:79)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)
at com.sun.proxy.$Proxy36.query(Unknown Source)
at org.alfresco.repo.search.impl.SearchServiceSubSystemDelegator.query(SearchServiceSubSystemDelegator.java:133)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:80)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:53)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:166)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:294)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:98)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)
at com.sun.proxy.$Proxy36.query(Unknown Source)
at org.alfresco.repo.jscript.Search.queryResultMeta(Search.java:1016)
... 67 more
Caused by: java.net.ConnectException: Connection refused (Connection refused)
at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
at java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399)
at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242)
at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224)
at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:403)
at java.base/java.net.Socket.connect(Socket.java:591)
at java.base/sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:285)
at java.base/sun.security.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:190)
at java.base/sun.security.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:153)
at org.alfresco.encryption.ssl.AuthSSLProtocolSocketFactory.createSocket(AuthSSLProtocolSocketFactory.java:168)
at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
at org.alfresco.repo.search.impl.solr.AbstractSolrQueryHTTPClient.postQuery(AbstractSolrQueryHTTPClient.java:66)
at org.alfresco.repo.search.impl.solr.SolrQueryHTTPClient.postSolrQuery(SolrQueryHTTPClient.java:1116)
at org.alfresco.repo.search.impl.solr.SolrQueryHTTPClient.executeQuery(SolrQueryHTTPClient.java:583)
... 98 more
06-Sep-2019 18:06:07.450 INFO [http-nio-8080-exec-5] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986
at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:490)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:684)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)

2. solr.log

2019-09-06 15:01:20.031 WARN (org.alfresco.solr.AlfrescoCoreAdminHandler@7b60c3e_Worker-13) [ ] o.a.s.t.AbstractTracker Tracking communication timed out for AclTracker - archive
2019-09-06 15:04:22.811 ERROR (org.alfresco.solr.AlfrescoCoreAdminHandler@7b60c3e_Worker-31) [ ] o.a.s.t.AbstractTracker Tracking failed for AclTracker - alfresco
javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:259)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:642)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:461)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:361)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:450)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:427)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:178)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:716)
at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:970)
at java.base/java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:81)
at java.base/java.io.BufferedOutputStream.flush(BufferedOutputStream.java:142)
at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.flushRequestOutputStream(MultiThreadedHttpConnectionManager.java:1565)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
at org.alfresco.httpclient.AbstractHttpClient.executeMethod(AbstractHttpClient.java:135)
at org.alfresco.httpclient.AbstractHttpClient.sendRemoteRequest(AbstractHttpClient.java:111)
at org.alfresco.httpclient.HttpClientFactory$HttpsClient.sendRequest(HttpClientFactory.java:408)
at org.alfresco.solr.client.SOLRAPIClient.getAclChangeSets(SOLRAPIClient.java:166)
at org.alfresco.solr.tracker.AclTracker.getSomeAclChangeSets(AclTracker.java:427)
at org.alfresco.solr.tracker.AclTracker.trackAclChangeSets(AclTracker.java:655)
at org.alfresco.solr.tracker.AclTracker.trackRepository(AclTracker.java:307)
at org.alfresco.solr.tracker.AclTracker.doTrack(AclTracker.java:95)
at org.alfresco.solr.tracker.AbstractTracker.track(AbstractTracker.java:215)
at org.alfresco.solr.tracker.TrackerJob.execute(TrackerJob.java:47)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
at java.base/sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:350)
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:259)
at java.base/sun.security.validator.Validator.validate(Validator.java:264)
at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:222)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:626)
... 34 more
Caused by: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:154)
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:80)
at java.base/java.security.cert.CertPathValidator.validate(CertPathValidator.java:309)
at java.base/sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:345)
... 40 more

What can I do to solve this? (I've already re-generated the certificates, with the same result.)

Thanks,

Marius

1 ACCEPTED ANSWER

marius_dumitrac
Confirmed Champ

Hi guys,

Found the problem. It was in the alfresco-global.properties file. More exactly, by mistake the Solr settings were:

solr.secureComms=https

index.subsystem.name=solr6
solr.port=8983
solr.host=nginx
solr.base.url=/solr
solr.port.ssl=8984

But Solr was started on port 8983, thus the "Connection refused" error.

I've set the SSL port to 8983 and restarted both Tomcat and Solr, and everything works now.

Thanks, Angel, for the support.

8 REPLIES

angelborroy
Community Manager

How did you start SOLR?

It looks like some JVM parameters are missing.

Take a look at SearchServices/search-services at master · Alfresco/SearchServices · GitHub 

Hyland Developer Evangelist

Hi Angel,

The first time, I started SOLR using the following command (to initialise the cores):

./solr/bin/solr start -a "-Djavax.net.ssl.keyStoreType=JCEKS -Djavax.net.ssl.trustStoreType=JCEKS -Dsolr.ssl.checkPeerName=false -Dcreate.alfresco.defaults=alfresco,archive"

But I found out in the logs that the path to the keystore was not trusted, so after I deleted the folders alfresco and archive from the <SOLR_HOME>/solrhome folder, I re-ran the command adding the "-Dsolr.allow.unsafe.resourceloading=true" option (which I see is also what the link you sent me recommends), but with the same results (I still get the errors in the alfresco and solr logs).

Thanks,

Marius

It looks like SOLR truststore does not contain Alfresco certificate.

Did you copy the right file to /opt/search/solrhome/keystore/ssl.repo.client.truststore?

Hyland Developer Evangelist

Hi Angel,

I've checked and all the files from the folder where I've run the tool to generate the certificates are copied in the respective folders. That is:

  1. <SOLR_HOME>/solrhome/templates/rerank/conf contains the following files:
    • ssl.repo.client.keystore
    • ssl.repo.client.truststore
    • ssl-keystore-passwords.properties
    • ssl.truststore-passwords.properties
  2. <SOLR_HOME>/solrhome/keystore:
    • ssl.repo.client.keystore
    • ssl.repo.client.truststore
    • ssl-keystore-passwords.properties
    • ssl.truststore-passwords.properties

The above files were copied in the location for the <SSL_TOOL>/keystores/solr

  1. <ALFRESCO_HOME>/alf_data/keystore:
    • keystore
    • keystore-passwords.properties
    • ssl-keystore-passwords.properties
    • ssl-truststore-passwords.properties
    • ssl.keystore
    • ssl.truststore

The above files were copied in the location for the <SSL_TOOL>/keystores/alfresco

The command used to generate the certificates was

./run.sh -alfrescoversion "community" -keysize 2048 -keystorepass "password" -truststorepass "password"

Also, I've reset the SOLR index (erased the files in <SOLR_HOME>/solrhome/[alfresco|archive]/index, <SOLR_HOME>/solrhome/alfrescoModels and <SOLR_HOME>/contentstore and set index.recovery.mode=FULL in alfresco-global.properties) but the result remains the same.

Any other ideas on what I can do (apart from rebuilding the certificates)?

Thanks,

Marius

Step 1 is wrong, if you had your cores created.

Once the cores are created, configuration is not copied from <SOLR_HOME>/solrhome/templates/rerank/conf

You need to add the keystore and truststore files to every core configuration folder:

* <SOLR_HOME>/solrhome/alfresco/conf

* <SOLR_HOME>/solrhome/archive/conf

Hyland Developer Evangelist

angelborroy
Community Manager

I've created a sample project with your configuration.

Available at GitHub - aborroy/alfresco-mtls-sample-docker: Sample for MTLs with Alfresco Docker Compose 

Hyland Developer Evangelist


It's actually not your fault. The documentation at https://docs.alfresco.com/search-enterprise/tasks/keys-setup.html says you put solr.port.ssl=8984. That's actually not correct unless you change your solr.in.sh accordingly.
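
The port mismatch that turned out to be the cause in this thread can be caught before startup. The following is an added example, not code from the original posts or from Alfresco: a Python lint over the three config files, where the function names, the sample `solr.in.sh` text and the trimmed `server.xml` fragment are constructed for illustration, and a direct repository-to-Solr connection (no port-rewriting proxy) is assumed.

```python
import re
import xml.etree.ElementTree as ET

DEFAULT_SOLR_PORT = 8983  # Solr listens here when solr.in.sh does not set SOLR_PORT

# Settings as posted in the thread (repository side, before the fix).
REPO_PROPS = """\
solr.secureComms=https
index.subsystem.name=solr6
solr.port=8983
solr.host=nginx
solr.base.url=/solr
solr.port.ssl=8984
"""
# Settings as posted in the thread (Solr core side).
SOLRCORE_PROPS = """\
alfresco.host=nginx
alfresco.port=8080
alfresco.port.ssl=8443
alfresco.secureComms=https
"""
# Constructed sample: SOLR_PORT left commented out, so the default applies.
SOLR_IN_SH = '# constructed sample\n#SOLR_PORT="8983"\n'
# Trimmed from the thread's Connector (keystore attributes omitted).
SERVER_XML = '<Connector port="8443" SSLEnabled="true" scheme="https" clientAuth="want" />'


def parse_properties(text):
    """Parse Java-style .properties text into a dict (comments and blanks skipped)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def solr_listen_port(solr_in_sh):
    """Port from the last uncommented SOLR_PORT= line, else Solr's default."""
    port = DEFAULT_SOLR_PORT
    for line in solr_in_sh.splitlines():
        m = re.match(r"\s*(?:export\s+)?SOLR_PORT=[\"']?(\d+)", line)
        if m:
            port = int(m.group(1))
    return port


def tomcat_ssl_ports(server_xml):
    """Ports of every <Connector SSLEnabled="true"> in a server.xml or fragment."""
    root = ET.fromstring(server_xml)
    return {int(c.get("port")) for c in root.iter("Connector")
            if c.get("SSLEnabled", "").lower() == "true" and c.get("port")}


def lint(repo_props, solrcore_props, solr_in_sh, server_xml):
    """Return a list of findings; an empty list means the settings agree."""
    repo, core = parse_properties(repo_props), parse_properties(solrcore_props)
    findings = []
    repo_mode = repo.get("solr.secureComms", "")
    core_mode = core.get("alfresco.secureComms", "")
    if repo_mode != core_mode:
        findings.append(f"secureComms differs: repository={repo_mode!r}, core={core_mode!r}")
    if repo_mode == "https":  # repository -> Solr uses solr.port.ssl
        listen = solr_listen_port(solr_in_sh)
        configured = repo.get("solr.port.ssl")
        if configured != str(listen):
            findings.append(f"solr.port.ssl={configured} but Solr listens on {listen}")
    if core_mode == "https":  # Solr trackers -> repository use alfresco.port.ssl
        ports = tomcat_ssl_ports(server_xml)
        configured = core.get("alfresco.port.ssl")
        if configured not in {str(p) for p in ports}:
            findings.append(f"alfresco.port.ssl={configured} not in Tomcat SSL ports {sorted(ports)}")
    return findings


if __name__ == "__main__":
    for finding in lint(REPO_PROPS, SOLRCORE_PROPS, SOLR_IN_SH, SERVER_XML):
        print("MISMATCH:", finding)
```

A clean result only shows that the ports and modes agree; a handshake failure such as the "Path does not chain with any of the trust anchors" error in solr.log is a truststore problem and needs a separate check.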