Can't add the data-import-handler

Tue, 04 Feb 2025 12:51:42 -0800

Using solr 9.7.0 configured to support SSL, I cannot add the data-import-handler plugin. 

I can connect to my solr admin using https.
My solr admin site uses our own self signed certificate, inside of the solr_docker_ssl.keystore.jks 


I am not using docker in any way, the name is from docker experiment.

SSL values in  solr.in.sh values
SOLR_SSL_KEY_STORE=/var/solr-data/solr_docker_ssl.keystore.jks
SOLR_SSL_KEY_STORE_PASSWORD=XXXX
SOLR_SSL_TRUST_STORE=/var/solr-data/solr_docker_ssl.keystore.jks
SOLR_SSL_TRUST_STORE_PASSWORD=XXXX

I have put the the following github certs in both:
/var/dme1/jdk/jdk-17.0.2/lib/security/cacerts
/var/solr-data/solr_docker_ssl.keystore.jks
$ /var/dme1/jdk/jdk-17.0.2/bin/keytool -v -list -keystore solr_docker_ssl.keystore.jks 
Enter keystore password:
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 3 entries

Alias name: github-chain2
Creation date: Jan 24, 2025
Entry type: trustedCertEntry
Owner: CN=Norton Web/Mail Shield Root, O=Norton Web/Mail Shield, OU=generated by Norton Antivirus for SSL/TLS scanning Issuer: CN=Norton Web/Mail Shield Root, O=Norton Web/Mail Shield, OU=generated by Norton Antivirus for SSL/TLS scanning 
Serial number: 44d6ee5a729fd646beddbf7f01283c0b
Valid from: Fri Jan 01 04:00:00 PST 2010 until: Sun Jan 01 04:00:00 PST 2040
Certificate fingerprints:
     SHA1: 10:A2:28:07:12:71:34:0C:59:AD:85:E3:1B:47:FC:AE:A9:F0:EB:95
     SHA256: E6:85:50:9B:23:D9:09:D5:CD:53:A6:BE:03:ED:D3:5A:8E:FB:DD:36:30:79:A7:77:88:9B:72:20:3E:12:8C:C6 
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
]

#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen: no limit
]

#3: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
]

#4: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
  Key_CertSign
]

#5: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 68 1C 5D 71 5E 2C E6 85   75 B1 A7 D5 EC 21 56 D0 h.]q^,..u....!V.
0010: B1 36 9D C6                                        .6..
]
]



*******************************************
*******************************************


Alias name: github-io
Creation date: Jan 24, 2025
Entry type: trustedCertEntry
Owner: CN=*.github.io, O="GitHub, Inc.", L=San Francisco, ST=California, C=US Issuer: CN=Norton Web/Mail Shield Root, O=Norton Web/Mail Shield, OU=generated by Norton Antivirus for SSL/TLS scanning 
Serial number: 7262a31c85e4e44a81b0e98108f6d2af
Valid from: Thu Mar 14 17:00:00 PDT 2024 until: Fri Mar 14 16:59:59 PDT 2025
Certificate fingerprints:
     SHA1: F1:1C:B8:23:16:CB:2B:81:48:19:A6:7C:0E:12:B3:31:03:57:43:CC
     SHA256: 3E:39:81:0E:36:73:34:7B:BE:0D:7C:D8:D7:38:94:B1:C9:23:72:9E:46:3E:12:38:79:9A:D6:D4:8B:9F:C2:CE 
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 68 1C 5D 71 5E 2C E6 85   75 B1 A7 D5 EC 21 56 D0 h.]q^,..u....!V.
0010: B1 36 9D C6                                        .6..
]
]

#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:false
  PathLen: undefined
]

#3: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

#4: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

#5: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: *.github.io
  DNSName: github.io
  DNSName: githubusercontent.com
  DNSName: www.github.com
  DNSName: *.github.com
  DNSName: *.githubusercontent.com
  DNSName: github.com
]

#6: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: E8 6F 57 EB 86 51 98 EB   9F A5 BE 53 DA DB 94 AC .oW..Q.....S....
0010: 28 2E FB ED                                        (...
]
]

Here is the ERROR I get:

1) solr start --cloud -Denable.packages=true
2) solr package add-repo data-import-handler "https://raw.githubusercontent.com/searchscale/dataimporthandler/master/repo/"; INFO  - 2025-01-24 13:36:11.896; org.apache.solr.util.configuration.SSLConfigurations; Setting javax.net.ssl.keyStorePassword INFO  - 2025-01-24 13:36:11.902; org.apache.solr.util.configuration.SSLConfigurations; Setting javax.net.ssl.trustStorePassword Neither --zk-host or --solr-url parameters provided so assuming solr url is https://oel1.prosperodigital.com:8983. com.fasterxml.jackson.databind.JsonMappingException: org.apache.solr.client.solrj.SolrServerException: IOException occurred when talking to server at: https://raw.githubusercontent.com/searchscale/dataimporthandler/master/repo/repository.json (through reference chain: java.util.ArrayList[0]->org.apache.solr.packagemanager.DefaultPackageRepository["packages"])     at com.fasterxml.jackson.databind.JsonMappingException.wrapWithPath(JsonMappingException.java:402)     at com.fasterxml.jackson.databind.JsonMappingException.wrapWithPath(JsonMappingException.java:361)     at com.fasterxml.jackson.databind.ser.std.StdSerializer.wrapAndThrow(StdSerializer.java:323)     at com.fasterxml.jackson.databind.ser.std.BeanSerializerBase.serializeFields(BeanSerializerBase.java:778)     at com.fasterxml.jackson.databind.ser.BeanSerializer.serialize(BeanSerializer.java:183)     at com.fasterxml.jackson.databind.ser.impl.IndexedListSerializer.serializeContents(IndexedListSerializer.java:119)     at com.fasterxml.jackson.databind.ser.impl.IndexedListSerializer.serialize(IndexedListSerializer.java:79)     at com.fasterxml.jackson.databind.ser.impl.IndexedListSerializer.serialize(IndexedListSerializer.java:18)     at com.fasterxml.jackson.databind.ser.DefaultSerializerProvider._serialize(DefaultSerializerProvider.java:502)     at com.fasterxml.jackson.databind.ser.DefaultSerializerProvider.serializeValue(DefaultSerializerProvider.java:341)     at com.fasterxml.jackson.databind.ObjectMapper._writeValueAndClose(ObjectMapper.java:4799)     at com.fasterxml.jackson.databind.ObjectMapper.writeValueAsString(ObjectMapper.java:4040)     at org.apache.solr.packagemanager.RepositoryManager.addRepository(RepositoryManager.java:128) 
    at org.apache.solr.cli.PackageTool.runImpl(PackageTool.java:102)
    at org.apache.solr.cli.ToolBase.runTool(ToolBase.java:52)
    at org.apache.solr.cli.SolrCLI.main(SolrCLI.java:227)
Caused by: org.apache.solr.common.SolrException: org.apache.solr.client.solrj.SolrServerException: IOException occurred when talking to server at: https://raw.githubusercontent.com/searchscale/dataimporthandler/master/repo/repository.json     at org.apache.solr.packagemanager.DefaultPackageRepository.initPackages(DefaultPackageRepository.java:129)     at org.apache.solr.packagemanager.DefaultPackageRepository.getPackages(DefaultPackageRepository.java:68)     at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)     at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)     at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
    at java.base/java.lang.reflect.Method.invoke(Method.java:568)
    at com.fasterxml.jackson.databind.ser.BeanPropertyWriter.serializeAsField(BeanPropertyWriter.java:688)     at com.fasterxml.jackson.databind.ser.std.BeanSerializerBase.serializeFields(BeanSerializerBase.java:770) 
    ... 12 more
Caused by: org.apache.solr.client.solrj.SolrServerException: IOException occurred when talking to server at: https://raw.githubusercontent.com/searchscale/dataimporthandler/master/repo/repository.json     at org.apache.solr.client.solrj.impl.Http2SolrClient.request(Http2SolrClient.java:544)     at org.apache.solr.client.solrj.SolrClient.request(SolrClient.java:1194)     at org.apache.solr.packagemanager.DefaultPackageRepository.initPackages(DefaultPackageRepository.java:120) 
    ... 19 more
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:371)     at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314)     at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:309)     at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357)     at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232)     at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175)     at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)     at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)     at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277)     at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264)     at java.base/java.security.AccessController.doPrivileged(AccessController.java:712)     at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209)     at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:657)     at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.flush(SslConnection.java:1064) 
    at org.eclipse.jetty.io.WriteFlusher.flush(WriteFlusher.java:422)
    at org.eclipse.jetty.io.WriteFlusher.completeWrite(WriteFlusher.java:377)     at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.lambda$fill$1(SslConnection.java:838)     at org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.lambda$execute$1(ExecutorUtil.java:449)     at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)     at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) 
    at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target     at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)     at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)     at java.base/sun.security.validator.Validator.validate(Validator.java:264)     at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285)     at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144)     at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) 
    ... 17 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target     at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)     at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)     at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)     at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) 
    ... 22 more
ERROR: org.apache.solr.client.solrj.SolrServerException: IOException occurred when talking to server at: https://raw.githubusercontent.com/searchscale/dataimporthandler/master/repo/repository.json (through reference chain: java.util.ArrayList[0]->org.apache.solr.packagemanager.DefaultPackageRepository["packages"])

Reply via email to