Solr-8.5.1 official certificate javax.servlet.ServletException

Tue, 20 Apr 2021 22:18:46 -0700 

Hello,
I'm having some troubles securing Solr-8.5.1 (fresh install on Ubuntu 20.04 running openjdk11). As soon as I'm providing a keystore (JKS) containing an official Certificate-Chain solr stops logging to /var/solr/logs/solr.log and prints following error to the browser (connection established using https). I also tried to use the same keystore in Solr-8.2.0 and Solr-8.8.2 without problems, it just works... If I'm providing a selfsigned certificate (or using no SSL/TLS) it works like a charm. 


HTTP ERROR 404 javax.servlet.UnavailableException: Error processing the 
request. CoreContainer is either not initialized or shutting down.

URI: /solr/
STATUS:    404

MESSAGE:    javax.servlet.UnavailableException: Error processing the 
request. CoreContainer is either not initialized or shutting down.

SERVLET:    default

CAUSED BY:    javax.servlet.ServletException: 
javax.servlet.UnavailableException: Error processing the request. 
CoreContainer is either not initialized or shutting down.
CAUSED BY:    javax.servlet.UnavailableException: Error processing the 
request. CoreContainer is either not initialized or shutting down.

Caused by:


javax.servlet.ServletException: javax.servlet.UnavailableException: 
Error processing the request. CoreContainer is either not initialized or 
shutting down.
    at 
org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:162)
    at 
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
    at 
org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:322)
    at 
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)

    at org.eclipse.jetty.server.Server.handle(Server.java:500)

    at 
org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383)

    at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:547)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375)
    at org.eclipse.jetty.server.HttpChannel.run(HttpChannel.java:335)

    at 
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
    at 
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
    at 
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
    at 
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:135)
    at 
org.eclipse.jetty.http2.HTTP2Connection.produce(HTTP2Connection.java:170)
    at 
org.eclipse.jetty.http2.server.HTTP2ServerConnection.onOpen(HTTP2ServerConnection.java:150)
    at 
org.eclipse.jetty.io.AbstractEndPoint.upgrade(AbstractEndPoint.java:442)
    at 
org.eclipse.jetty.server.NegotiatingServerConnection.onFillable(NegotiatingServerConnection.java:130)
    at 
org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)

    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)

    at 
org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:543)
    at 
org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:398)
    at 
org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:161)

    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)

    at 
org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
    at 
org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806)
    at 
org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938)

    at java.base/java.lang.Thread.run(Thread.java:834)

Caused by: javax.servlet.UnavailableException: Error processing the 
request. CoreContainer is either not initialized or shutting down.
    at 
org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:371)
    at 
org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:352)
    at 
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1596)
    at 
org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:545)
    at 
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
    at 
org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:590)
    at 
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
    at 
org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
    at 
org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1607)
    at 
org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
    at 
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1297)
    at 
org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
    at 
org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485)
    at 
org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1577)
    at 
org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
    at 
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1212)
    at 
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
    at 
org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:221)
    at 
org.eclipse.jetty.server.handler.InetAccessHandler.handle(InetAccessHandler.java:177)
    at 
org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146)

    ... 26 more


Only changes done in solr.in.sh:


# Enables HTTPS. It is implictly true if you set SOLR_SSL_KEY_STORE. Use 
this config

# to enable https module with custom jetty configuration.
SOLR_SSL_ENABLED=true
# Uncomment to set SSL-related system properties
# Be sure to update the paths to the correct keystore for your environment
SOLR_SSL_KEY_STORE=etc/solrKey_2020.jks
SOLR_SSL_KEY_STORE_PASSWORD=removed
SOLR_SSL_TRUST_STORE=etc/solrKey_2020.jks
SOLR_SSL_TRUST_STORE_PASSWORD=removed
# Require clients to authenticate
SOLR_SSL_NEED_CLIENT_AUTH=false
# Enable clients to authenticate (but not require)
SOLR_SSL_WANT_CLIENT_AUTH=false
# Verify client's hostname during SSL handshake
#SOLR_SSL_CLIENT_HOSTNAME_VERIFICATION=false

# SSL Certificates contain host/ip "peer name" information that is 
validated by default. Setting
# this to false can be useful to disable these checks when re-using a 
certificate on many hosts

#SOLR_SSL_CHECK_PEER_NAME=true
# Override Key/Trust Store types if necessary
#SOLR_SSL_KEY_STORE_TYPE=PKCS12
#SOLR_SSL_TRUST_STORE_TYPE=PKCS12


What am I doing wrong? Is there any known issue or someone who already 
solved this problem?


--

With kind regards

Julian Nikodemus















    











					Reply via email to