Details
Bug
Status: Open
Major
Resolution: Unresolved
6.2.1
None
Windows only
Description
The official 6.2 manual says that to enable HTTPS you have to create a keystore with a keypair having "secret" as the password (example); assume that I have done everything else needed to enable HTTPS correctly.
When I want to create a keystore and keypair with another password, it works only on Linux; on Windows it works only with "secret" as the password.
solr.in.cmd properties aren't used by the server properly on Windows:
CASE1:
keystore password: secret
keypair password: secret
SOLR_SSL_KEY_STORE_PASSWORD=secret
SOLR_SSL_TRUST_STORE_PASSWORD=secret
Everything works
CASE2:
keystore password: secret
keypair password: secret
SOLR_SSL_KEY_STORE_PASSWORD=changeit
SOLR_SSL_TRUST_STORE_PASSWORD=changeit
No "Keystore was tampered with, or password was incorrect" -> which means it uses "secret" as password when it shouldn't
Multiple repeating Errors:
INFO - 2016-11-02 07:52:00.657; org.apache.http.impl.client.DefaultRequestDirector; I/O exception (java.net.SocketException) caught when connecting to
INFO - 2016-11-02 07:52:00.657; org.apache.http.impl.client.DefaultRequestDirector; Retrying connect to {s}
CASE3:
keystore password: changeit
keypair password: changeit
SOLR_SSL_KEY_STORE_PASSWORD=changeit
SOLR_SSL_TRUST_STORE_PASSWORD=changeit
Errors:
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.eclipse.jetty.start.Main.invokeMain(Main.java:214)
at org.eclipse.jetty.start.Main.start(Main.java:457)
at org.eclipse.jetty.start.Main.main(Main.java:75)
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
at java.security.KeyStore.load(KeyStore.java:1445)
at org.eclipse.jetty.util.security.CertificateUtils.getKeyStore(CertificateUtils.java:52)
at org.eclipse.jetty.util.ssl.SslContextFactory.loadKeyStore(SslContextFactory.java:1016)
at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:332)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114)
at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:64)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114)
at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:260)
at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81)
at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:244)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at org.eclipse.jetty.server.Server.doStart(Server.java:384)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at org.eclipse.jetty.xml.XmlConfiguration$1.run(XmlConfiguration.java:1510)
at java.security.AccessController.doPrivileged(Native Method)
at org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1435)
... 7 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778)
... 30 more
Usage: java -jar start.jar [options] [properties] [configs]
java -jar start.jar --help # for more information
INFO - 2016-11-02 07:53:55.221; org.apache.http.impl.client.DefaultRequestDirector; I/O exception (java.net.SocketException) caught when connecting to
INFO - 2016-11-02 07:53:55.225; org.apache.http.impl.client.DefaultRequestDirector; Retrying connect to {s}
Another issue:
I want the server to require client authentication by certificate, but the properties aren't passed to the server or used by the server. Doesn't work on Windows, works on Linux.
CASE1:
set SOLR_SSL_NEED_CLIENT_AUTH=true
set SOLR_SSL_WANT_CLIENT_AUTH=false
server doesn't require client certificate for authentication
CASE2:
set SOLR_SSL_NEED_CLIENT_AUTH=false
set SOLR_SSL_WANT_CLIENT_AUTH=true
server doesn't want client certificate for authentication
I found that I can set the property defaults in jetty-ssl.xml,
which somehow helps a bit, but the server still won't start and throws errors:
INFO - 2016-11-02 09:29:05.036; org.apache.http.impl.client.DefaultRequestDirector; I/O exception (java.net.SocketException) caught when connecting to
INFO - 2016-11-02 09:29:05.036; org.apache.http.impl.client.DefaultRequestDirector; Retrying connect to {s}
I know that most Solr projects probably run on Linux, but we also use a Windows environment for testing, because we have to ensure that our solution is platform independent.
Would be cool if someone would take a look at that.
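
A file-level check for the SOLR_SSL_* settings discussed in this report, as an added example that is not part of the original report or of Solr: it reads solr.in.cmd the way cmd.exe treats `set` lines and lists settings that are commented out, carry stray whitespace or quotes, or still use the manual's example password. The sample content and the function names `parse_solr_in_cmd` and `audit` are constructed for illustration.

```python
import re

# One `set` line for a SOLR_SSL_* variable, optionally commented out with REM or ::
SET_RE = re.compile(
    r'^\s*(?P<rem>rem\s+|::\s*)?set\s+(?P<q>")?(?P<name>SOLR_SSL_\w+)=(?P<val>.*)$', re.I)

# Constructed sample content (not taken from the report)
SAMPLE = "\n".join([
    "REM set SOLR_SSL_NEED_CLIENT_AUTH=true",
    "set SOLR_SSL_WANT_CLIENT_AUTH=false",
    "set SOLR_SSL_KEY_STORE_PASSWORD=changeit ",      # note the trailing space
    'set "SOLR_SSL_TRUST_STORE_PASSWORD=secret"',
])

def parse_solr_in_cmd(text):
    """Return (active, commented); active holds values exactly as cmd.exe stores them."""
    active, commented = {}, set()
    for line in text.splitlines():
        m = SET_RE.match(line)
        if not m:
            continue
        name, val = m.group("name").upper(), m.group("val")
        if m.group("rem"):
            commented.add(name)
        else:
            if m.group("q") and '"' in val:
                val = val[:val.rfind('"')]   # set "VAR=value": value ends at the last quote
            active[name] = val               # a later assignment overrides an earlier one
    return active, commented

def audit(text):
    """List reasons a setting in the file may not mean what its author intended."""
    active, commented = parse_solr_in_cmd(text)
    findings = [f"{n}: only on a REM/:: line, so it never takes effect"
                for n in sorted(commented - set(active))]
    for name, val in sorted(active.items()):
        if val != val.strip():
            findings.append(f"{name}: surrounding whitespace is kept as part of the value")
        if val.startswith('"'):
            findings.append(f"{name}: quotes after '=' become part of the value")
        if name.endswith("_PASSWORD") and val.strip() == "secret":
            findings.append(f"{name}: still the manual's example password")
    flags = [active.get(f"SOLR_SSL_{k}_CLIENT_AUTH", "").strip().lower() for k in ("NEED", "WANT")]
    if "true" not in flags:
        findings.append("client auth: neither NEED nor WANT is true in this file")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

A clean result from this check only rules out mistakes in the file itself; whether the start script hands the values on to the server is a separate question.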