We Keep Coding

Take an error when I've try apply my CA certificate to Apache Solr

I've try to apply my CA certificate to Solr. I've already reach solr with http or self-signed certificate following their own recipe in there: enabling ssl
But, when I try to apply my CA certificate I take an error : "HTTP ERROR 404 javax.servlet.UnavailableException: Error processing the request. CoreContainer is either not initialized or shutting down."
Full error message that I've take on browser
My solr.in.sh config is:
SOLR_SSL_ENABLED=true
SOLR_SSL_KEY_STORE=/etc/default/mykeystore
SOLR_SSL_KEY_STORE_PASSWORD=********
SOLR_SSL_TRUST_STORE=/etc/default/mykeystore
SOLR_SSL_TRUST_STORE_PASSWORD=********
SOLR_SSL_NEED_CLIENT_AUTH=false
# SOLR_SSL_WANT_CLIENT_AUTH=false
#SOLR_SSL_CLIENT_HOSTNAME_VERIFICATION=true
SOLR_SSL_CHECK_PEER_NAME=false
SOLR_SSL_KEY_STORE_TYPE=JKS
SOLR_SSL_TRUST_STORE_TYPE=JKS
I followed this two link for convert my pem file to key store: first:1 then:2 (I applied just fourth step in second link) then named the file as mykeystore.
I tried a lot of solution which some of them in stackoverflow. But none of them are my answer. Any help, any idea can be very useful. I'm totally stuck. What can I do/check?

EJBCA: Authorization Denied Admin GUI

I am attempting to upgrade EJBCA.
I attempted to run this on ubuntu 20.04, locally, using wildfly 18. Wildfly 18 results in this error: "CAUSE: Client certificate or OAuth bearer token required."
I have tried this two ways, by importing the keystore, truststore and superadmin from another instance and by creating the CA fresh and using the resulting superadmin.p12.
The home page loads, but the administration gives me the following error:
"AUTHORIZATIONDENIED
CAUSE: Client certificate or OAuth bearer token required. "
I can really use some help with this.
Things I have tried:
(1) I have downloaded superadmin.p12 and imported it into my browsers
(2) I have attempted to upload the superdmin cert:
bin/ejbca.sh ca importcacert ${NAME} ${NAME}.cacert.pem -initauthorization -superadmincn SuperAdmin
This results in The CA certificate is already imported.
(3) Both my keystore.jks and truststore.jks are moved into /ejbca/p12 and /opt/wildfly/standalone/configuration/keystore
(4) I did set "web.reqcertindb=false"
(6) I did try to enable ssl on wildfly 14 (https://docs.bitnami.com/bch/infrastructure/wildfly/administration/enable-ssl-wildfly/)
(7) I have tried a fresh Management_CA as well
The log of /ejbca/adminweb:
"08:20:01,270 ERROR [org.ejbca.ui.web.admin.configuration.EjbcaJSFHelperImpl] (default task-4) org.cesecore.authentication.AuthenticationFailedException: Client certificate or OAuth bearer token required.
08:20:01,279 WARN [org.ejbca.ui.web.admin.configuration.EjbcaWebBeanImpl] (default task-4) Language was not initialized for this session
08:20:01,279 WARN [org.ejbca.ui.web.admin.configuration.EjbcaWebBeanImpl]
I can provide more information if needs be.
Thank you

So, I have it running today. Here is what I learned:
It seems that if you set wildfly up as a service (per instructions) it is going to set up wildfly to run with launch.sh. Launch.sh is going to result in a cipher mistmatch. I needed to run the standalone.sh file instead
Adminweb must be contacted on 8443
if you need to run this thing on domain setup your going to need to post another question
Best,

WebSocketpp handshake issue with TLS

I have been learning with WebSocket++ and built some of the server examples (Windows 10 Visual Studio 2019). The non-TLS examples work without issues, however, the TLS-enabled examples (echo_server_both.cpp and echo_server_tls.cpp) can't do the handshake. I am very new to web development in general so I know I must be doing something wrong with regards to the certificate and keys.
I am testing the servers with WebSocket King client, an extension of Google Chrome that connects correctly to other websocket servers like wss://echo.websocket.org and to my own localhost when I don't use TLS.
The echo_server_both example comes with a server.pem file, and the echo_server_tls example comes with server.pem and dh.pem. I have used the same files that come with the samples, and I have also tried generating and registering my own .pem files using openSSL. In both cases I get this when the client tries to connect:
[2021-06-29 20:51:21] [error] handle_transport_init received error: sslv3 alert certificate unknown
[2021-06-29 20:51:21] [fail] WebSocket Connection [::1]:63346 - "" - 0 asio.ssl:336151574 sslv3 alert certificate unknown
[2021-06-29 20:51:21] [info] asio async_shutdown error: asio.ssl:336462231 (shutdown while in init)
I discovered these errors after I edited handle_init() in tls.hpp, following a suggestion in another site, to look like this:
void handle_init(init_handler callback,lib::asio::error_code const & ec) {
if (ec) {
//m_ec = socket::make_error_code(socket::error::tls_handshake_failed);
m_ec = ec;
} else {
m_ec = lib::error_code();
}
callback(m_ec);
}
This change let the actual openSSL error to show in the console, otherwise it would show a generic "handshake failed" error.
I know I'm not doing what I should with the certificates, but I have no idea where else to look or what to do next. Can anyone here help please? Should I use the .pem files that come with the examples, or should I generate my own? in case I should generate my own, what would be the openSSL command to do that correctly and how do I tell my PC to recognize these as valid so that the server works?

Found the problem: WebSocket++ will not accept a self-signed certificate (the ones you can create directly in your own PC using OpenSSL or the Windows utilities). There is no way around it. You must have a valid, authority-validated and endorsed certificate. You can get such a certificate for free (valid only for 90 days) from https://zerossl.com/. The site has detailed instructions on how to request, obtain and install a certificate. After getting a valid certificate and installing it on my server, everything worked as it should.

javax.net.ssl.SSLHandshakeException while using protocol-selenium plugin nutch

I am trying to index this page using Apache Nutch selenium driver but when running parsechecker command it is throwing SSLHandShake exception.
bin/nutch parsechecker -Dplugin.includes='protocol-selenium|parse-tika' -Dselenium.grid.binary=/usr/bin/geckodriver -Dselenium.enable.headless=true -followRedirects -dumpText https://us.vwr.com/store/product?partNum=68300-353
Fetch failed with protocol status: exception(16), lastModified=0: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
When i have tried protocol-httpclient, Nutch is able to crawl content of page but it is not crawling dynamic content as httpclient is not support it. i have also tried protocol-interactiveselenium as well but with this also i am getting SSL handshake issue.
I have downloaded certificate and installed in JRE as well, but still facing same issue.
Version: Nutch 1.16
Update-1
Now when i checked hadoop.log, it is showing below error in log file:
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(InputRecord.java:505)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:975)
... 12 more

I think that this is related to NUTCH-2649. For protocol-httpclient and protocol-http currently, Nutch has a dummy TrustManager for the connection (i.e we don't validate the certificates). As described in NUTCH-2649 protocol-selenium does not use the custom TrustManager and it tries to properly validate the certificate.
That being said, adding the certificate to the JVM should solve the issue for this specific domain. Perhaps selenium is not having access to the list of allowed certificates.

"Peer not authenticated" when trying to add a form

I have just installed Orbeon 3.9 CE on a WebSphere WAS 7.0 environment all was looking well but when I tried to add a form I got and error sating "peer not authenticated".
I turned on debugging in the log4j.xml file and this is what I got out of it:
2011-05-27 16:34:13,051 ERROR ProcessorService - Exception at oxf:/apps/fr/components/components.xsl (executing XSLT transformation)
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.ibm.jsse2.fc.getPeerCertificates(fc.java:46)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:390)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:488)
at org.apache.http.conn.scheme.SchemeSocketFactoryAdaptor.connectSocket(SchemeSocketFactoryAdaptor.java:62)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:562)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at org.orbeon.oxf.resources.handler.HTTPURLConnection.connect(HTTPURLConnection.java:219)
at org.orbeon.oxf.util.Connection.connect(Connection.java:494)
at org.orbeon.oxf.util.Connection.open(Connection.java:94)
at org.orbeon.oxf.processor.generator.URLGenerator$URLResourceHandler.openConnection(URLGenerator.java:817)
at org.orbeon.oxf.processor.generator.URLGenerator$URLResourceHandler.getResourceMediaType(URLGenerator.java:770)
at org.orbeon.oxf.processor.generator.URLGenerator$1.readImpl(URLGenerator.java:420)
at org.orbeon.oxf.processor.impl.ProcessorOutputImpl$TopLevelOutputFilter.read(ProcessorOutputImpl.java:263)
at org.orbeon.oxf.processor.impl.ProcessorOutputImpl.read(ProcessorOutputImpl.java:406)
at org.orbeon.oxf.processor.ProcessorImpl.readInputAsSAX(ProcessorImpl.java:260)
at org.orbeon.oxf.processor.pipeline.TeeProcessor$TeeProcessorOutputImpl.readImpl(TeeProcessor.java:89)
at org.orbeon.oxf.processor.impl.ProcessorOutputImpl$TopLevelOutputFilter.read(ProcessorOutputImpl.java:263)
at org.orbeon.oxf.processor.impl.ProcessorOutputImpl.read(ProcessorOutputImpl.java:406)
at org.orbeon.oxf.processor.ProcessorImpl.readInputAsSAX(ProcessorImpl.java:260)
at org.orbeon.oxf.processor.ProcessorImpl.readInputAsTinyTree(ProcessorImpl.java:286)
at org.orbeon.oxf.processor.ProcessorImpl$3.read(ProcessorImpl.java:315)
at org.orbeon.oxf.processor.ProcessorImpl.readCacheInputAsObject(ProcessorImpl.java:365)
at org.orbeon.oxf.processor.ProcessorImpl.readCacheInputAsObject(ProcessorImpl.java:330)
at org.orbeon.oxf.processor.ProcessorImpl.readCacheInputAsTinyTree(ProcessorImpl.java:313)

This looks like an error that would happen if you use HTTPS with an invalid certificate (such as a self-signed certificate). If this is what you are doing, you can either:
Add the your certificate to your VM trust store. (I'll let you lookup how to do this on WebSphere.)
Use HTTP instead of HTTPS, at least during development where you don't have a valid certificate.
Get a real certificate, for instance from StartSSL which issues class 1 certificate for free.