i`m trying to install some SSL certificates bought from godaddy.com. I found some tutorials like this one:
http://www.denizoguz.com/2011/01/02/installing-godaddy-ssl-certificates-on-glassfish-v3-step-by-step/
My certificates were generated a year ago for apache http server, so i followed the tutorial from step 3.
I have imported these files in keystore.jks, i have replaced all occurrences of s1as with my certificate nickname in domain.xml, i have restarted the domain, but when i try to access something over ssl i get this in glassfish logs:
[#|2011-10-04T16:02:52.972+0300|WARNING|glassfish3.1.1|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=17;_ThreadName=http-thread-pool-8181(1);|GRIZZLY0007: SSL support could not be configured!
java.io.IOException: SSL configuration is invalid due to No available certificate or key corresponds to the SSL cipher suites which are enabled.
at com.sun.grizzly.util.net.jsse.JSSE14SocketFactory.checkConfig(JSSE14SocketFactory.java:455)
at com.sun.grizzly.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:183)
at com.sun.grizzly.config.SSLConfigHolder.initializeSSL(SSLConfigHolder.java:361)
at com.sun.grizzly.config.SSLConfigHolder.configureSSL(SSLConfigHolder.java:239)
at com.sun.grizzly.config.GrizzlyEmbeddedHttps$LazySSLInitializationFilter.execute(GrizzlyEmbeddedHttps.java:202)
at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:679)
Caused by: javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
at sun.security.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:327)
at sun.security.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:272)
at com.sun.grizzly.util.net.jsse.JSSE14SocketFactory.checkConfig(JSSE14SocketFactory.java:451)
... 14 more
|#]
[#|2011-10-04T16:02:52.976+0300|SEVERE|glassfish3.1.1|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=17;_ThreadName=http-thread-pool-8181(1);|ProtocolChain exception
java.lang.NullPointerException
at com.sun.grizzly.filter.SSLReadFilter.newSSLEngine(SSLReadFilter.java:352)
at com.sun.grizzly.filter.SSLReadFilter.obtainSSLEngine(SSLReadFilter.java:399)
at com.sun.grizzly.filter.SSLReadFilter.execute(SSLReadFilter.java:159)
at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:679)
|#]
any idea what i am doing wring ???
yes, i think that the problem resigns in the fact that my certificates are for apache http. I found this tutorial http://wiki.eclipse.org/Generating_a_Private_Key_and_a_Keystore that explains how to convert these certificates, but this does not seems to solve my problem eighter
updates,
after i followed this tutorial agentbob.info/agentbob/79-AB.html, now i get
[#|2011-10-05T13:18:47.853+0300|WARNING|glassfish3.1.1|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=17;_ThreadName=http-thread-pool-8181(1);|GRIZZLY0007: SSL support could not be configured!
java.io.IOException: injection failed on com.sun.enterprise.security.ssl.SSLUtils.secSupp with class com.sun.enterprise.server.pluggable.SecuritySupport
at com.sun.grizzly.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:188)
at com.sun.grizzly.config.SSLConfigHolder.initializeSSL(SSLConfigHolder.java:361)
at com.sun.grizzly.config.SSLConfigHolder.configureSSL(SSLConfigHolder.java:239)
at com.sun.grizzly.config.GrizzlyEmbeddedHttps$LazySSLInitializationFilter.execute(GrizzlyEmbeddedHttps.java:202)
at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:679)
|#]
[#|2011-10-05T13:18:47.859+0300|SEVERE|glassfish3.1.1|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=17;_ThreadName=http-thread-pool-8181(1);|ProtocolChain exception
java.lang.NullPointerException
at com.sun.grizzly.filter.SSLReadFilter.newSSLEngine(SSLReadFilter.java:352)
at com.sun.grizzly.filter.SSLReadFilter.obtainSSLEngine(SSLReadFilter.java:399)
at com.sun.grizzly.filter.SSLReadFilter.execute(SSLReadFilter.java:159)
at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:679)
|#]
another update
it seems that if a change the password from importkey to changeit i get this error :
[#|2011-10-05T13:29:17.210+0300|SEVERE|glassfish3.1.1|javax.enterprise.system.core.com.sun.enterprise.v3.server|_ThreadID=20;_ThreadName=Thread-50;|java.security.UnrecoverableKeyException: Cannot recover key
java.lang.Error: java.security.UnrecoverableKeyException: Cannot recover key
at com.sun.enterprise.security.ssl.SSLUtils.getSSLContext(SSLUtils.java:159)
at com.sun.enterprise.security.ssl.SSLUtils.postConstruct(SSLUtils.java:125)
at com.sun.hk2.component.AbstractCreatorImpl.inject(AbstractCreatorImpl.java:131)
at com.sun.hk2.component.ConstructorCreator.initialize(ConstructorCreator.java:91)
at com.sun.hk2.component.AbstractCreatorImpl.get(AbstractCreatorImpl.java:82)
at com.sun.hk2.component.SingletonInhabitant.get(SingletonInhabitant.java:67)
at com.sun.hk2.component.EventPublishingInhabitant.get(EventPublishingInhabitant.java:139)
at com.sun.hk2.component.AbstractInhabitantImpl.get(AbstractInhabitantImpl.java:76)
at org.jvnet.hk2.component.Habitat.getBy(Habitat.java:1048)
at org.jvnet.hk2.component.Habitat.getByType(Habitat.java:1029)
at com.sun.hk2.component.InjectInjectionResolver.getComponentInjectValue(InjectInjectionResolver.java:159)
at com.sun.hk2.component.InjectInjectionResolver.getValue(InjectInjectionResolver.java:90)
at org.jvnet.hk2.component.InjectionManager.inject(InjectionManager.java:141)
at org.jvnet.hk2.component.InjectionManager.inject(InjectionManager.java:91)
at com.sun.hk2.component.AbstractCreatorImpl.inject(AbstractCreatorImpl.java:126)
at com.sun.hk2.component.ConstructorCreator.initialize(ConstructorCreator.java:91)
at com.sun.hk2.component.AbstractCreatorImpl.get(AbstractCreatorImpl.java:82)
at com.sun.hk2.component.SingletonInhabitant.get(SingletonInhabitant.java:67)
at com.sun.hk2.component.EventPublishingInhabitant.get(EventPublishingInhabitant.java:139)
at com.sun.hk2.component.AbstractInhabitantImpl.get(AbstractInhabitantImpl.java:76)
at com.sun.enterprise.security.SecuritySniffer.setup(SecuritySniffer.java:109)
at com.sun.enterprise.v3.server.ContainerStarter.startContainer(ContainerStarter.java:116)
at com.sun.enterprise.v3.server.ApplicationLifecycle.setupContainer(ApplicationLifecycle.java:944)
at com.sun.enterprise.v3.server.ApplicationLifecycle.setupContainerInfos(ApplicationLifecycle.java:652)
at com.sun.enterprise.v3.server.ApplicationLifecycle.deploy(ApplicationLifecycle.java:368)
at com.sun.enterprise.v3.server.ApplicationLoaderService.processApplication(ApplicationLoaderService.java:375)
at com.sun.enterprise.v3.admin.adapter.InstallerThread.load(InstallerThread.java:210)
at com.sun.enterprise.v3.admin.adapter.InstallerThread.run(InstallerThread.java:108)
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
at sun.security.provider.KeyProtector.recover(KeyProtector.java:328)
at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:138)
at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:55)
at java.security.KeyStore.getKey(KeyStore.java:779)
at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:131)
at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:68)
at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)
at com.sun.enterprise.security.ssl.impl.SecuritySupportImpl.getKeyManagers(SecuritySupportImpl.java:290)
at com.sun.enterprise.security.ssl.SSLUtils.getKeyManagers(SSLUtils.java:197)
at com.sun.enterprise.security.ssl.SSLUtils.getSSLContext(SSLUtils.java:147)
... 27 more
|#]
You should ensure that the keystore password matches the Glassfish master password (which is not the admin password).
Here is a tutorial how to change the master password for GF 3.1
It looks like you might have either some setup issues or a known bug. Check this post out.
From the thread:
"2. This is a set up issue. They cannot find the corresponding certificates.
Can you double check the *.jks file? Note that the default keystore
password is changeit."
Related
I launch our application for test with chrome browser using the manual explore option from zap and getting the below error. I save the SSL certificate from ZAP and imported to chrome browser, still getting the below error. Help me on resolving this?
ZAP Error [java.net.SocketException]: Connection reset
Stack Trace:
java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:209)
at java.net.SocketInputStream.read(SocketInputStream.java:141)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
at sun.security.ssl.InputRecord.read(InputRecord.java:503)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:860)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.flushRequestOutputStream(MultiThreadedHttpConnectionManager.java:1565)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2278)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1160)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:470)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:207)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.parosproxy.paros.network.HttpSender.executeMethod(HttpSender.java:430)
at org.parosproxy.paros.network.HttpSender.runMethod(HttpSender.java:672)
at org.parosproxy.paros.network.HttpSender.send(HttpSender.java:627)
at org.parosproxy.paros.network.HttpSender.sendAuthenticated(HttpSender.java:602)
at org.parosproxy.paros.network.HttpSender.sendAuthenticated(HttpSender.java:585)
at org.parosproxy.paros.network.HttpSender.sendAndReceive(HttpSender.java:490)
at org.parosproxy.paros.network.HttpSender.sendAndReceive(HttpSender.java:460)
at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(ProxyThread.java:562)
at org.parosproxy.paros.core.proxy.ProxyThread.run(ProxyThread.java:319)
at java.lang.Thread.run(Thread.java:745)
Is there any reason you are not launching Chrome from ZAP?
That way you dont have to set up the certificate and ZAP automatically sets it up correctly.
If you set ss-enabled-components to all and then start the locator:
gfsh>start locator --name=IsLocator --bind-address=#.#.#.# --port=10334 --properties-file=..\config\gemfire.properties --security-properties-file=..\confi
g\gfsecurity.properties --J=-Dgemfire.jmx-manager-start=true --J=-Dgemfire.jmx-manager=true
the locator starts fine. So I try to connect the GFSH to the locator with an SSL connection:
gfsh>connect --locator=#.#.#.#[10334] --use-ssl
Please specify these SSL Configuration properties:
key-store: trusted.keystore
key-store-password: ********
trust-store: trusted.keystore
trust-store-password: ********
ciphers:
protocols:
Connecting to Locator at [host=#.#.#.#, port=10334] ..
There is an error
java.lang.ClassCastException: java.lang.Class cannot be cast to org.apache.geode.management.internal.JmxManagerLocatorResponse
Also, the locator logs show the Cluster configuration service start up completed successfully and is now running .... info, but then come repeated errors, all like:
[info 2017/09/22 14:35:10.213 BST IsLocator <locator request thread[3]> tid=0x58] Exception in processing request from #.#.#.#
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:710)
at sun.security.ssl.InputRecord.read(InputRecord.java:527)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:983)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at org.apache.geode.internal.net.SocketCreator.configureServerSSLSocket(SocketCreator.java:1011)
at org.apache.geode.distributed.internal.tcpserver.TcpServer.lambda$processRequest$0(TcpServer.java:345)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
What is the locator trying to communicate with?
I think this was to do with not having set keyalg=EC in the SSL certificate per this question
Again, I have some problems with Solr. I'm trying to set up a SolrCloud cluster with three ZooKeeper instances and two Solr instances. Communication should be secured with SSL. I used the official Solr wiki as manual: https://cwiki.apache.org/confluence/display/solr/Enabling+SSL
When I start the first Solr node everything works fine. I can access the Web UI via HTTPS and communication between Solr and ZooKeeper also works. But when I start the second Solr node in my cluster I get the following exception:
Error while trying to recover. core=core1_shard2_replica2:java.util.concurrent.ExecutionException: org.apache.solr.client.solrj.SolrServerException: IOException occured when talking to server at: https://ec2-xx-xx-xxx-xx.eu-central-1.compute.amazonaws.com:8983/solr
at java.util.concurrent.FutureTask.report(FutureTask.java:122)
at java.util.concurrent.FutureTask.get(FutureTask.java:192)
at org.apache.solr.cloud.RecoveryStrategy.sendPrepRecoveryCmd(RecoveryStrategy.java:593)
at org.apache.solr.cloud.RecoveryStrategy.doRecovery(RecoveryStrategy.java:350)
at org.apache.solr.cloud.RecoveryStrategy.run(RecoveryStrategy.java:221)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.lambda$execute$22(ExecutorUtil.java:229)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.solr.client.solrj.SolrServerException: IOException occured when talking to server at: https://ec2-xx-xx-xxx-xx.eu-central-1.compute.amazonaws.com:8983/solr
at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:604)
at org.apache.solr.client.solrj.impl.HttpSolrClient.lambda$httpUriRequest$13(HttpSolrClient.java:299)
... 5 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:543)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:495)
... 6 more
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:352)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:260)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
... 24 more
Caused by: java.security.cert.CertPathValidatorException: signature check failed
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135)
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:219)
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:140)
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:347)
... 30 more
Caused by: java.security.SignatureException: Signature does not match.
at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:424)
at sun.security.provider.certpath.BasicChecker.verifySignature(BasicChecker.java:166)
at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:147)
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
So it seems that Solr does not accept the self-signed certificate. The option -Dsolr.ssl.checkPeerName=false as stated in the Solr Wiki has no effect (I put this parameter in the solr.in.sh script). I have to admit I'm pretty clueless right now :(
Does anyone have any idea what I could do to make the inter-Solr-node communication work?
BTW: I'm on Solr 6.1.0, and before I activated SSL everything worked like a charm.
Thanks a lot!
You can also add second node's certificate to the first node's keystore and also add first node's certificate to the second node's keystore via following command:
keytool -import -alias ca -file other_node_cert -keystore solr-ssl.keystore.jks
Then you can use self-signed certificate.
Looking at exception details it appears to be a handshake issue between java client code and the ssl enabled server. The JRE involved here probably doesn't trust the certificate. You can try to mark the cert as a trusted one (include in JRE truststore). Check JRE version specific documentation for steps to update truststore.
I'm using Keycloak 1.9.0 Final with Google Identity provider.
But when user try to login with Google OAuth we got this error:
2016-05-26 04:47:11,444 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider](default task-5) Failed to make identity provider oauth callback: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1283)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1258)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
at org.keycloak.broker.provider.util.SimpleHttp.asString(SimpleHttp.java:141)
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:228)
at sun.reflect.GeneratedMethodAccessor493.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
2016-05-26 04:51:25,613 WARN [org.keycloak.events] (default task-23) type=LOGIN_ERROR, realmId=master, clientId=null, userId=null, ipAddress=36.81.27.147, error=identity_provider_login_failure
Anyone have the same problem and able to fix it?
I have fixed it. Please enable the Google+ API. It will give you access.
I'm facing strange error. I use Glassfish 3.1.1 withn jdk7 and since some time I can't login to admin console via web (localhost:4848), I keep getting message Authentication Failed Re-enter your username and password here are logs:
[#|2012-01-16T11:15:37.415+0100|INFO|glassfish3.1.1|javax.enterprise.system.tools.admin.com.sun.enterprise.container.common|_ThreadID=110;_ThreadName=Thread-2;|User
[admin] from host 127.0.0.1 does not have administration access|#]
[#|2012-01-16T11:15:37.446+0100|INFO|glassfish3.1.1|javax.enterprise.system.tools.admin.com.sun.enterprise.container.common|_ThreadID=101;_ThreadName=Thread-2;|User
[admin] from host 127.0.0.1 does not have administration access|#]
[#|2012-01-16T11:16:07.008+0100|SEVERE|glassfish3.1.1|org.glassfish.admin.rest.resources.GeneratorResource|_ThreadID=100;_ThreadName=Thread-2;|The
log message is null. java.lang.RuntimeException: Cannot find
annotation org.glassfish.config.support.Create with value
_register-instance on method public abstract com.sun.enterprise.config.serverbeans.Server
com.sun.enterprise.config.serverbeans.Servers.getServer(java.lang.String)
at
org.glassfish.config.support.GenericCrudCommand.getAnnotation(GenericCrudCommand.java:196)
at
org.glassfish.config.support.GenericCreateCommand.postConstruct(GenericCreateCommand.java:90)
at
com.sun.hk2.component.AbstractCreatorImpl.inject(AbstractCreatorImpl.java:131)
at
com.sun.hk2.component.ConstructorCreator.initialize(ConstructorCreator.java:91)
at
com.sun.hk2.component.AbstractCreatorImpl.get(AbstractCreatorImpl.java:82)
at
com.sun.hk2.component.EventPublishingInhabitant.get(EventPublishingInhabitant.java:139)
at
com.sun.hk2.component.AbstractInhabitantImpl.get(AbstractInhabitantImpl.java:76) at org.jvnet.hk2.component.Habitat.getComponent(Habitat.java:796) at
com.sun.enterprise.v3.admin.CommandRunnerImpl.getModel(CommandRunnerImpl.java:150)
at
org.glassfish.admin.rest.generator.ResourcesGeneratorBase.commandIsPresent(ResourcesGeneratorBase.java:315)
at
org.glassfish.admin.rest.generator.ResourcesGeneratorBase.generateCommandResources(ResourcesGeneratorBase.java:296)
at
org.glassfish.admin.rest.generator.ResourcesGeneratorBase.generateSingle(ResourcesGeneratorBase.java:100)
at
org.glassfish.admin.rest.LazyJerseyInit.generateASM(LazyJerseyInit.java:311)
at
org.glassfish.admin.rest.LazyJerseyInit.getResourcesConfigForManagement(LazyJerseyInit.java:255)
at
org.glassfish.admin.rest.adapter.RestManagementAdapter.getResourcesConfig(RestManagementAdapter.java:62)
at
org.glassfish.admin.rest.adapter.RestAdapter.exposeContext(RestAdapter.java:455)
at
org.glassfish.admin.rest.adapter.RestAdapter.service(RestAdapter.java:177)
at
com.sun.grizzly.tcp.http11.GrizzlyAdapter.service(GrizzlyAdapter.java:168)
at
com.sun.enterprise.v3.server.HK2Dispatcher.dispath(HK2Dispatcher.java:117)
at
com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:238)
at
com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:828)
at
com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:725)
at
com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1019)
at
com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:225)
at
com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at
com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at
com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at
com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at
com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at
com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71) at
com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at
com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:722) |#]
[#|2012-01-16T11:16:07.008+0100|SEVERE|glassfish3.1.1|org.glassfish.admin.rest.LazyJerseyInit|_ThreadID=100;_ThreadName=Thread-2;|The
log message is null. java.lang.ClassNotFoundException:
org.glassfish.admin.rest.resources.generatedASM.DomainResource not
found by org.glassfish.admin.rest-service [164] at
org.apache.felix.framework.ModuleImpl.findClassOrResourceByDelegation(ModuleImpl.java:787)
at
org.apache.felix.framework.ModuleImpl.access$400(ModuleImpl.java:71)
at
org.apache.felix.framework.ModuleImpl$ModuleClassLoader.loadClass(ModuleImpl.java:1768)
at java.lang.ClassLoader.loadClass(ClassLoader.java:356) at
java.lang.Class.forName0(Native Method) at
java.lang.Class.forName(Class.java:186) at
org.glassfish.admin.rest.LazyJerseyInit.getResourcesConfigForManagement(LazyJerseyInit.java:257)
at
org.glassfish.admin.rest.adapter.RestManagementAdapter.getResourcesConfig(RestManagementAdapter.java:62)
at
org.glassfish.admin.rest.adapter.RestAdapter.exposeContext(RestAdapter.java:455)
at
org.glassfish.admin.rest.adapter.RestAdapter.service(RestAdapter.java:177)
at
com.sun.grizzly.tcp.http11.GrizzlyAdapter.service(GrizzlyAdapter.java:168)
at
com.sun.enterprise.v3.server.HK2Dispatcher.dispath(HK2Dispatcher.java:117)
at
com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:238)
at
com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:828)
at
com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:725)
at
com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1019)
at
com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:225)
at
com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at
com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at
com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at
com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at
com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at
com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71) at
com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at
com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:722) |#]
[#|2012-01-16T11:16:07.071+0100|INFO|glassfish3.1.1|com.sun.jersey.server.impl.application.WebApplicationImpl|_ThreadID=100;_ThreadName=Thread-2;|Initiating
Jersey application, version 'Jersey: 1.8 06/24/2011 12:17 PM'|#]
[#|2012-01-16T11:16:07.086+0100|WARNING|glassfish3.1.1|org.apache.catalina.connector.Request|_ThreadID=111;_ThreadName=Thread-2;|PWC4011:
Unable to set request character encoding to UTF-8 from context ,
because request parameters have already been read, or
ServletRequest.getReader() has already been called|#]
Username and password are 100% correct, I have no problem login via asadmin cmd.
I had the same issue with GlassFish 4.1, admin password for working via asadmin tool but not via the browser. The problem first came after I imported a new signed server certificate to replacing the existing 's1as' alias in the keystore.jks.
After some struggling I figured out the right solution:
sudo asadmin disable-secure-admin
sudo asadmin restart-domain domain1
sudo asadmin enable-secure-admin
sudo asadmin restart-domain domain1
Admin user authentication works again in the browser! :-)
I had this problem, and raised a bug with the Glassfish project.
It's fixed in the fresh Glassfish 3.1.2. It was released yesterday.
Just for reference of those searching for it: You don't need to install Glassfish 3.1.2 (for those using Linux distribution). The following worked for me:
Open a terminal and cd to the glassfish installation location
./asadmin stop domain domain1 (or other domains) in order to stop your glassfish server
Go to your browser and flush your cache memory (usually in the History option -> clear recent history)
Now you should be able to login to the admin console.
For those that have the default password yet, maybe you need to change it from admin console. (./asadmin change-admin-password).
Thanks, Victor. Saved me a lot of headache.
When using different aliases, specify them on the command line when enabling secure admin again:
asadmin enable-secure-admin --adminalias adtest --instancealias intest
I also faced the same problem with 4.0 and 4.1.1.
However, 4.1.2. appears to fix the issue. I installed it (from here), and no login details are requested.