
Alfresco 4.0e and Solr SSL configuration help

Question asked by pslgroup on Oct 21, 2013
Latest reply on Nov 9, 2013 by douglascrp
Hi,
I need a real dummy guide on how to set up the certs for Solr. I've read the following posts and am still having issues.
http://forums.alfresco.com/forum/installation-upgrades-configuration-integration/configuration/alfresco-40d-community-solr
http://wiki.alfresco.com/wiki/Alfresco_And_SOLR#Generating_new_SSL_certificates
https://forums.alfresco.com/forum/installation-upgrades-configuration-integration/configuration/dummy-guide-solr-applying-new

I downloaded and installed the following package: alfresco-community-4.0.e-installer-linux-x64.bin.
I installed Alfresco Community in the following directory: /opt/Alfresco/
I modified /opt/Alfresco/tomcat/shared/classes/alfresco-global.properties as follows:

###############################
## Common Alfresco Properties #
###############################

dir.root=/opt/Alfresco/alf_data

alfresco.context=alfresco
alfresco.host=127.0.0.1
alfresco.port=9080
alfresco.protocol=http

share.context=share
share.host=127.0.0.1
share.port=9080
share.protocol=http

### database connection properties ###
db.driver=org.gjt.mm.mysql.Driver
db.username=alfresco_64bit
db.password=alfresco
db.name=alfresco_64bit
db.host=localhost
db.port=3306
db.url=jdbc:mysql://${db.host}:${db.port}/${db.name}
hibernate.dialect=org.hibernate.dialect.MySQLInnoDBDialect


### FTP Server Configuration ###
ftp.enabled=true
ftp.port=21
ftp.ipv6.enabled=false

### RMI service ports ###
alfresco.rmi.services.port=50500
avm.rmi.service.port=0
avmsync.rmi.service.port=0
attribute.rmi.service.port=0
authentication.rmi.service.port=0
repo.rmi.service.port=0
action.rmi.service.port=0
deployment.rmi.service.port=0

### External executable locations ###
ooo.exe=/opt/openoffice.org3/program/soffice
ooo.enabled=true
ooo.port=8100
ooo.port=8100
img.root=/opt/Alfresco/common
img.dyn=${img.root}/lib
img.exe=${img.root}/bin/convert
swf.exe=/opt/Alfresco/common/bin/pdf2swf
jodconverter.enabled=false
jodconverter.officeHome=
jodconverter.portNumbers=8100

### Initial admin password ###
alfresco_user_store.adminpassword=209c6174da490caeb422f3fa5a7ae634

### E-mail site invitation setting ###
notification.email.siteinvite=false

### File Protocol Root ###
protocols.rootPath=/${spaces.company_home.childname}/${spaces.sites.childname}

### License location ###
dir.license.external=/opt/Alfresco

### Solr indexing ###
index.subsystem.name=solr
dir.keystore=${dir.root}/keystore
solr.port.ssl=9443

### BPM Engine ###
system.workflow.engine.jbpm.enabled=false


My /opt/Alfresco/tomcat/conf/server.xml has this configured:


    <Connector port="9443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
               maxThreads="150" scheme="https"
               keystoreFile="/opt/Alfresco/alf_data/keystore/ssl.keystore" keystorePass="kT9X6oe68t" keystoreType="JCEKS"
               secure="true" connectionTimeout="240000"
               truststoreFile="/opt/Alfresco/alf_data/keystore/ssl.truststore" truststorePass="kT9X6oe68t" truststoreType="JCEKS"
               clientAuth="false" sslProtocol="TLS" allowUnsafeLegacyRenegotiation="true" />


When I start up Alfresco for the first time I see the following errors in the catalina.out log file:


WARNING: Exception getting SSL attributes
java.net.SocketException: SSL Cert handshake timeout
        at org.apache.tomcat.util.net.jsse.JSSESupport.handShake(JSSESupport.java:189)
        at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:143)
        at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1116)
        at org.apache.coyote.Request.action(Request.java:350)
        at org.apache.catalina.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:135)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:528)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:857)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
        at java.lang.Thread.run(Thread.java:744)

Oct 21, 2013 1:34:07 AM org.quartz.core.JobRunShell run
SEVERE: Job Solr.CoreTracker-alfresco threw an unhandled Exception:
org.alfresco.error.AlfrescoRuntimeException: 09210000 GetModelsDiff return status is 401
        at org.alfresco.solr.client.SOLRAPIClient.getModelsDiff(SOLRAPIClient.java:1010)
        at org.alfresco.solr.tracker.CoreTracker.trackModels(CoreTracker.java:1630)
        at org.alfresco.solr.tracker.CoreTracker.trackRepository(CoreTracker.java:1134)
        at org.alfresco.solr.tracker.CoreTracker.updateIndex(CoreTracker.java:491)
        at org.alfresco.solr.tracker.CoreTrackerJob.execute(CoreTrackerJob.java:45)
        at org.quartz.core.JobRunShell.run(JobRunShell.java:216)
        at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:563)

Oct 21, 2013 1:34:07 AM org.quartz.core.ErrorLogger schedulerError
SEVERE: Job (Solr.CoreTracker-alfresco threw an exception.
org.quartz.SchedulerException: Job threw an unhandled exception. [See nested exception: org.alfresco.error.AlfrescoRuntimeException: 09210000 GetModelsDiff return status is 401]
        at org.quartz.core.JobRunShell.run(JobRunShell.java:227)
        at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:563)
Caused by: org.alfresco.error.AlfrescoRuntimeException: 09210000 GetModelsDiff return status is 401
        at org.alfresco.solr.client.SOLRAPIClient.getModelsDiff(SOLRAPIClient.java:1010)
        at org.alfresco.solr.tracker.CoreTracker.trackModels(CoreTracker.java:1630)
        at org.alfresco.solr.tracker.CoreTracker.trackRepository(CoreTracker.java:1134)
        at org.alfresco.solr.tracker.CoreTracker.updateIndex(CoreTracker.java:491)
        at org.alfresco.solr.tracker.CoreTrackerJob.execute(CoreTrackerJob.java:45)
        at org.quartz.core.JobRunShell.run(JobRunShell.java:216)
        ... 1 more


I ran the /opt/Alfresco/alf_data/keystore/generate_keystores.sh script.
I only modified
ALFRESCO_HOME=/opt/Alfresco
and
JAVA_HOME=/usr/java/jdk1.7.0_45/

When I run the script I get the output mentioned in the forum post found here
https://forums.alfresco.com/forum/installation-upgrades-configuration-integration/configuration/dummy-guide-solr-applying-new.

Using CATALINA_BASE:   /opt/Alfresco/tomcat
Using CATALINA_HOME:   /opt/Alfresco/tomcat
Using CATALINA_TMPDIR: /opt/Alfresco/tomcat/temp
Using JRE_HOME:        /usr/java/jdk1.7.0_45
Using CLASSPATH:       /opt/Alfresco/tomcat/bin/bootstrap.jar
$CATALINA_PID was set (/opt/Alfresco/tomcat/temp/catalina.pid) but the specified file does not exist. Is Tomcat running? Stop aborted.
/opt/Alfresco/tomcat/scripts/ctl.sh : tomcat could not be stopped
Certificate stored in file </root/ssl.repo.crt>
Certificate stored in file </root/ssl.repo.client.crt>
Certificate was added to keystore
Certificate was added to keystore
Certificate was added to keystore
Certificate update complete
Please ensure that you set dir.keystore=/opt/Alfresco/alf_data/keystore in alfresco-global.properties


I now have new keystore and truststore files in the directory /opt/Alfresco/alf_data/keystore/


-rw-r--r-- 1 root root 2632 Oct 21 01:29 browser.p12
-rw-r--r-- 1 root root 2744 Oct 21 01:29 browser.p12.old
-rw-r--r-- 1 root root 6276 Aug 15  2012 CreateSSLKeystores.txt
-rw-r--r-- 1 root root 5942 Aug 15  2012 generate_keystores.bat
-rwxr-xr-x 1 root root 5708 Oct 21 01:29 generate_keystores.sh
-rwxr-xr-x 1 root root 5679 Aug 15  2012 generate_keystores.sh.org.20131021
-rw-r--r-- 1 root root  645 Aug 14  2012 keystore
-rw-r--r-- 1 root root  211 Aug 14  2012 keystore-passwords.properties
-rw-r--r-- 1 root root  574 Aug 14  2012 readme.txt
-rw-r--r-- 1 root root 2268 Oct 21 01:29 ssl.keystore
-rw-r--r-- 1 root root 2756 Oct 21 01:29 ssl.keystore.old
-rw-r--r-- 1 root root  253 Aug 14  2012 ssl-keystore-passwords.properties
-rw-r--r-- 1 root root 1989 Oct 21 01:29 ssl.truststore
-rw-r--r-- 1 root root  740 Oct 21 01:29 ssl.truststore.old
-rw-r--r-- 1 root root  175 Aug 14  2012 ssl-truststore-passwords.properties


and directory /opt/Alfresco/alf_data/solr/workspace-SpacesStore/conf/


-rw-r--r-- 1 root root  1094 Aug 14  2012 admin-extra.html
-rw-r--r-- 1 root root  1274 Aug 14  2012 elevate.xml
-rw-r--r-- 1 root root  2868 Aug 14  2012 mapping-ISOLatin1Accent.txt
-rw-r--r-- 1 root root   873 Aug 14  2012 protwords.txt
-rw-r--r-- 1 root root  1228 Aug 14  2012 schema.xml
-rw-r--r-- 1 root root   921 Aug 14  2012 scripts.conf
-rw-r--r-- 1 root root 46124 Aug 14  2012 solrconfig.xml
-rw-r--r-- 1 root root  1174 Oct 21 00:18 solrcore.properties
-rw-r--r-- 1 root root    14 Aug 14  2012 spellings.txt
-rw-r--r-- 1 root root   267 Aug 14  2012 ssl-keystore-passwords.properties
-rw-r--r-- 1 root root  2289 Oct 21 01:29 ssl.repo.client.keystore
-rw-r--r-- 1 root root  2766 Oct 21 01:29 ssl.repo.client.keystore.old
-rw-r--r-- 1 root root  1000 Oct 21 01:29 ssl.repo.client.truststore
-rw-r--r-- 1 root root   740 Oct 21 01:29 ssl.repo.client.truststore.old
-rw-r--r-- 1 root root   175 Aug 14  2012 ssl-truststore-passwords.properties
-rw-r--r-- 1 root root  1171 Aug 14  2012 stopwords.txt
-rw-r--r-- 1 root root  1132 Aug 14  2012 synonyms.txt
drwxr-xr-x 2 root root  4096 Oct 21 00:05 xslt


and in /opt/Alfresco/alf_data/solr/archive-SpacesStore/conf/


-rw-r--r-- 1 root root  1125 Aug 14  2012 admin-extra.html
-rw-r--r-- 1 root root  1310 Aug 14  2012 elevate.xml
-rw-r--r-- 1 root root  3114 Aug 14  2012 mapping-ISOLatin1Accent.txt
-rw-r--r-- 1 root root   894 Aug 14  2012 protwords.txt
-rw-r--r-- 1 root root  1254 Aug 14  2012 schema.xml
-rw-r--r-- 1 root root   945 Aug 14  2012 scripts.conf
-rw-r--r-- 1 root root 47214 Aug 14  2012 solrconfig.xml
-rw-r--r-- 1 root root  1171 Oct 21 00:18 solrcore.properties
-rw-r--r-- 1 root root    16 Aug 14  2012 spellings.txt
-rw-r--r-- 1 root root   267 Aug 14  2012 ssl-keystore-passwords.properties
-rw-r--r-- 1 root root  2289 Oct 21 01:29 ssl.repo.client.keystore
-rw-r--r-- 1 root root  2766 Oct 21 01:29 ssl.repo.client.keystore.old
-rw-r--r-- 1 root root  1000 Oct 21 01:29 ssl.repo.client.truststore
-rw-r--r-- 1 root root   740 Oct 21 01:29 ssl.repo.client.truststore.old
-rw-r--r-- 1 root root   175 Aug 14  2012 ssl-truststore-passwords.properties
-rw-r--r-- 1 root root  1229 Aug 14  2012 stopwords.txt
-rw-r--r-- 1 root root  1163 Aug 14  2012 synonyms.txt
drwxr-xr-x 2 root root  4096 Oct 21 00:05 xslt



I'm so close I can taste it.  Any help would be greatly appreciated.

Regards.
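
A check for the outcome of the keystore regeneration described in the post, as an added example that is not part of the original post or of Alfresco's scripts: it compares `keytool -list` output to confirm that each side's private-key certificate appears in the other side's truststore. It assumes self-signed certificates imported directly, as the script output above suggests; the aliases, fingerprints and the helper names `list_store`, `fingerprints`, `trusted_by` and `check` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Works on plain `keytool -list`
# output (not -v), where each alias line is followed by a fingerprint line.

# Wrapper for real stores; JCEKS matches keystoreType in the posted Connector.
list_store() { keytool -list -keystore "$1" -storetype JCEKS -storepass "$2"; }

# Print fingerprints of entries of type $1 (PrivateKeyEntry / trustedCertEntry).
fingerprints() {
  awk -v type="$1" '
    index($0, type)                   { want = 1; next }
    want && /Certificate fingerprint/ { print $NF; want = 0 }'
}

# Succeed only if every private-key cert in listing $1 is trusted in listing $2.
trusted_by() {
  keys=$(printf '%s\n' "$1" | fingerprints PrivateKeyEntry)
  trusted=$(printf '%s\n' "$2" | fingerprints trustedCertEntry)
  [ -n "$keys" ] || { echo "no PrivateKeyEntry in keystore listing" >&2; return 2; }
  for fp in $keys; do
    printf '%s\n' "$trusted" | grep -qxF "$fp" ||
      { echo "not trusted: $fp" >&2; return 1; }
  done
  return 0
}

# Constructed listings; aliases and fingerprints are made up for illustration.
REPO_KEYSTORE='ssl.repo, Oct 21, 2013, PrivateKeyEntry,
Certificate fingerprint (SHA1): AA:11:22:33'
SOLR_KEYSTORE='ssl.repo.client, Oct 21, 2013, PrivateKeyEntry,
Certificate fingerprint (SHA1): BB:44:55:66'
SOLR_TRUSTSTORE='ssl.repo, Oct 21, 2013, trustedCertEntry,
Certificate fingerprint (SHA1): AA:11:22:33'
REPO_TRUSTSTORE='ssl.repo.client, Oct 21, 2013, trustedCertEntry,
Certificate fingerprint (SHA1): BB:44:55:66'
# A truststore left over from before regeneration (like the *.old files).
STALE_TRUSTSTORE='ssl.repo.client, Aug 14, 2012, trustedCertEntry,
Certificate fingerprint (SHA1): CC:77:88:99'

check() {
  if trusted_by "$2" "$3" 2>/dev/null; then echo "$1: ok"; else echo "$1: MISMATCH"; fi
}
check "Solr trusts repo cert"        "$REPO_KEYSTORE" "$SOLR_TRUSTSTORE"
check "repo trusts Solr client cert" "$SOLR_KEYSTORE" "$REPO_TRUSTSTORE"
check "repo with stale truststore"   "$SOLR_KEYSTORE" "$STALE_TRUSTSTORE"
```

For real stores, capture each listing with `list_store <file> <password>` and pass the captured text to `trusted_by`; both Solr core `conf` directories need the same comparison.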
