unable to find valid certification path to requested target #581
Comments
|
Revised config file |
|
Are you using a valid/trusted certificate? The https://docs.oracle.com/javase/tutorial/security/toolfilex/rstep1.html If the communication between your consuming app and Solr is all behind a firewall, you could also drop the encryption, which should also improve performance slightly. |
|
Yes I am using a valid certificate Following are the steps I have used to add the certificate manually. I have created a keystore file and have enabled SSL on my solr server using the following procedures:
Keytool –genkey –alias aliasname –keystore /solr-ssl.keystore.pfx –storetype PKCS12 –keyalg RSA –storepass password –ext SAN=dns:localhost,dns:solr-devapp01.devt1.restOfDomain –validity 730 –keysize 2048
set SOLR_SSL_ENABLED=true set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.pfx set SOLR_SSL_NEED_CLIENT_AUTH=false |
|
I wonder if there is anything else I need to do for the documents to be committed. WIth above steps, I am able to crawl but not commit. |
|
@joettt |
|
Hi Jeremy, yes I am using the same java installation for both apps. I imported the cert using Certificte Import Wizrd. |
|
How do I verify that the httpcrawler is infact using the same truststore? In the httpcrawler configuration, I have used the trustAllSSLCertificates option. |
|
The httpcrawler has no problem communicating with the trusted sites but the Norconex Committer is unable to recognize the certificate |
|
I'm not familiar with the wizard, but typically you'll import your CA file into the truststore. Since you're using a self signed keypair, you'll probably need to export your cer.pem like this -
Then import it into your CA trustore [typically JAVA_HOME/jre/lib/security/cacerts]
|
|
The default truststore is 'JAVA_HOME/jre/lib/security/cacerts' If no Java arguments have been provided to the app to change it. |
|
My truststore is at JAVA_HOME/lib/security/cacerts which for some reason committer is unable to detect. |
|
You could add a java arg to tell the app which truststore to use - Also, here is a gist [SSLPoke] that helps debug keystore/trust issues - |
|
Thanks again Jeremy. |
|
You would do it like @jdbranham suggests, on Java itself when it launches. Modify the |
|
Thank you @jdbranham and Pascal. The issue is now resolved by following these steps
|
Hello, I have set up a new solr server and configured to use TLS/SSL and have been successful in running Solr with https. I am also able to crawl the site using the Norconex crawler. But I am getting com.norconex.committer.core.CommitterException when the committer tries to index the documents. Looking at the attached logs, I see the message "unable to find valid certification path to requested target". In my attached config file (pol2.txt), I have even tried adding
<httpClientFactory> <trustAllSSLCertificates>true</trustAllSSLCertificates> </httpClientFactory> as suggested in https://github.com/Norconex/collector-http/issues/100but I still get the same error.
Any advice will be greatly appreciated.
pol_32_crawler.log
pol2.txt
The text was updated successfully, but these errors were encountered: