AnsweredAssumed Answered

SOLR not tracking after custom keystores generated

Question asked by darminm on Feb 25, 2016
Latest reply on Mar 1, 2018 by rvedula
Hello,

I am running Alfresco 5.0.0 (d r99759-b2) community edition.
Alfresco is installed with standard wizard.

Once initial deployment finished, http in tomcat is set to disabled and verified alfresco and solr are running without issues as they should.
Used generate_keystore.bat with changed to CN:

set CERTIFICATE_HOME=%USERPROFILE%
@rem The repository server certificate subject name, as specified in tomcat\conf\tomcat-users.xml with roles="repository"
set REPO_CERT_DNAME=CN=server1, OU=Unknown, O=Unknown, L=Unknown, ST=US, C=US
@rem The SOLR client certificate subject name, as specified in tomcat\conf\tomcat-users.xml with roles="repoclient"
set SOLR_CLIENT_CERT_DNAME=CN=server1, OU=Unknown, O=Unknown, L=Unknown, ST=US, C=US

Once keystores generated, I created a certificate sign request and signed the certificates with my private domain CA.  Alias for the certificate are kept ssl.repo & ssl.repo.client.

Once started I am seeing following errors in solr.log (with debug on):

2016-02-24 18:38:44,724 DEBUG [org.apache.commons.httpclient.methods.EntityEnclosingMethod] Request body sent
2016-02-24 18:38:45,833 DEBUG [httpclient.wire.header] << "HTTP/1.1 401 Unauthorized[\r][\n]"
2016-02-24 18:38:45,833 DEBUG [httpclient.wire.header] << "HTTP/1.1 401 Unauthorized[\r][\n]"
2016-02-24 18:38:45,833 DEBUG [httpclient.wire.header] << "Server: Apache-Coyote/1.1[\r][\n]"
2016-02-24 18:38:45,833 DEBUG [httpclient.wire.header] << "Content-Type: text/html;charset=utf-8[\r][\n]"
2016-02-24 18:38:45,833 DEBUG [httpclient.wire.header] << "Content-Language: en[\r][\n]"
2016-02-24 18:38:45,833 DEBUG [httpclient.wire.header] << "Content-Length: 1037[\r][\n]"
2016-02-24 18:38:45,833 DEBUG [httpclient.wire.header] << "Date: Thu, 25 Feb 2016 00:38:45 GMT[\r][\n]"
2016-02-24 18:38:45,833 DEBUG [httpclient.wire.header] << "[\r][\n]"
2016-02-24 18:38:45,833 DEBUG [org.apache.commons.httpclient.HttpMethodDirector] Authorization required
2016-02-24 18:38:45,848 DEBUG [org.apache.commons.httpclient.HttpMethodDirector] Authentication challenge(s) not found
2016-02-24 18:38:45,848 DEBUG [httpclient.wire.content] << "<html><head><title>Apache Tomcat/7.0.59 - Error report</title><style><!–H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}–></style> </head><body><h1>HTTP Status 401 - No client certificate chain in this request</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>No client certificate chain in this request</u></p><p><b>description</b> <u>This request requires HTTP authentication.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.59</h3><"
2016-02-24 18:38:45,848 DEBUG [httpclient.wire.content] << "/body></html>"
2016-02-24 18:38:45,848 DEBUG [org.apache.commons.httpclient.HttpMethodBase] Resorting to protocol version default close connection policy
2016-02-24 18:38:45,848 DEBUG [org.apache.commons.httpclient.HttpMethodBase] Should NOT close connection, using HTTP/1.1
2016-02-24 18:38:45,848 DEBUG [org.apache.commons.httpclient.HttpConnection] Releasing connection back to connection manager.
2016-02-24 18:38:45,848 DEBUG [org.apache.commons.httpclient.MultiThreadedHttpConnectionManager] Freeing connection, hostConfig=HostConfiguration[host=https://server1]
2016-02-24 18:38:45,848 DEBUG [org.apache.commons.httpclient.util.IdleConnectionHandler] Adding connection at: 1456360725848
2016-02-24 18:38:45,848 DEBUG [org.apache.commons.httpclient.MultiThreadedHttpConnectionManager] Notifying no-one, there are no waiting threads
2016-02-24 18:38:45,848 ERROR [org.alfresco.solr.tracker.AbstractTracker] Model tracking failed
org.alfresco.error.AlfrescoRuntimeException: 01240000 GetModelsDiff return status is 401
   at org.alfresco.solr.client.SOLRAPIClient.getModelsDiff(SOLRAPIClient.java:1091)
   at org.alfresco.solr.tracker.ModelTracker.trackModelsImpl(ModelTracker.java:249)
   at org.alfresco.solr.tracker.ModelTracker.trackModels(ModelTracker.java:207)
   at org.alfresco.solr.tracker.ModelTracker.ensureFirstModelSync(ModelTracker.java:229)
   at org.alfresco.solr.tracker.CoreWatcherJob.registerForCore(CoreWatcherJob.java:131)
   at org.alfresco.solr.tracker.CoreWatcherJob.execute(CoreWatcherJob.java:74)
   at org.quartz.core.JobRunShell.run(JobRunShell.java:216)
   at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:563)

Attachments

Outcomes