New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
unable to find valid certification path to requested target #581
Comments
Revised config file |
Are you using a valid/trusted certificate? The https://docs.oracle.com/javase/tutorial/security/toolfilex/rstep1.html If the communication between your consuming app and Solr is all behind a firewall, you could also drop the encryption, which should also improve performance slightly. |
Yes I am using a valid certificate Following are the steps I have used to add the certificate manually. I have created a keystore file and have enabled SSL on my solr server using the following procedures:
Keytool –genkey –alias aliasname –keystore /solr-ssl.keystore.pfx –storetype PKCS12 –keyalg RSA –storepass password –ext SAN=dns:localhost,dns:solr-devapp01.devt1.restOfDomain –validity 730 –keysize 2048
set SOLR_SSL_ENABLED=true set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.pfx set SOLR_SSL_NEED_CLIENT_AUTH=false |
I wonder if there is anything else I need to do for the documents to be committed. WIth above steps, I am able to crawl but not commit. |
@joettt |
Hi Jeremy, yes I am using the same java installation for both apps. I imported the cert using Certificte Import Wizrd. |
How do I verify that the httpcrawler is infact using the same truststore? In the httpcrawler configuration, I have used the trustAllSSLCertificates option. |
The httpcrawler has no problem communicating with the trusted sites but the Norconex Committer is unable to recognize the certificate |
I'm not familiar with the wizard, but typically you'll import your CA file into the truststore. Since you're using a self signed keypair, you'll probably need to export your cer.pem like this -
Then import it into your CA trustore [typically JAVA_HOME/jre/lib/security/cacerts]
|
The default truststore is 'JAVA_HOME/jre/lib/security/cacerts' If no Java arguments have been provided to the app to change it. |
My truststore is at JAVA_HOME/lib/security/cacerts which for some reason committer is unable to detect. |
You could add a java arg to tell the app which truststore to use - Also, here is a gist [SSLPoke] that helps debug keystore/trust issues - |
Thanks again Jeremy. |
You would do it like @jdbranham suggests, on Java itself when it launches. Modify the |
Thank you @jdbranham and Pascal. The issue is now resolved by following these steps
|
Hello, I have set up a new solr server and configured to use TLS/SSL and have been successful in running Solr with https. I am also able to crawl the site using the Norconex crawler. But I am getting com.norconex.committer.core.CommitterException when the committer tries to index the documents. Looking at the attached logs, I see the message "unable to find valid certification path to requested target". In my attached config file (pol2.txt), I have even tried adding
<httpClientFactory> <trustAllSSLCertificates>true</trustAllSSLCertificates> </httpClientFactory> as suggested in https://github.com/Norconex/collector-http/issues/100
but I still get the same error.
Any advice will be greatly appreciated.
pol_32_crawler.log
pol2.txt
The text was updated successfully, but these errors were encountered: