(org.alfresco.error.AlfrescoRuntimeException Unable to create key manager)
by rgdelacalle
Hi, I've installed from zip Alfresco Community 7.3 with Alfresco Search Services 2.0 with Mutual TLS following the official documentation (https://docs.alfresco.com/content-services/community/install/zip/tomcat/) but I'm stuck with a problem with certificates. Solr logging shows the following:
org.alfresco.error.AlfrescoRuntimeException: 00240001 Unable to create SSL context
at org.alfresco.encryption.ssl.AuthSSLProtocolSocketFactory.getSSLContext(AuthSSLProtocolSocketFactory.java:130)
at org.alfresco.encryption.ssl.AuthSSLProtocolSocketFactory.createSocket(AuthSSLProtocolSocketFactory.java:165)
at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
at org.alfresco.httpclient.AbstractHttpClient.executeMethod(AbstractHttpClient.java:135)
at org.alfresco.httpclient.AbstractHttpClient.sendRemoteRequest(AbstractHttpClient.java:111)
at org.alfresco.httpclient.HttpClientFactory$HttpsClient.sendRequest(HttpClientFactory.java:422)
at org.alfresco.solr.client.SOLRAPIClient.callRepository(SOLRAPIClient.java:1593)
at org.alfresco.solr.client.SOLRAPIClient.getModelsDiff(SOLRAPIClient.java:1103)
at org.alfresco.solr.tracker.ModelTracker.trackModelsImpl(ModelTracker.java:313)
at org.alfresco.solr.tracker.ModelTracker.trackModels(ModelTracker.java:275)
at org.alfresco.solr.tracker.ModelTracker.ensureFirstModelSync(ModelTracker.java:297)
at org.alfresco.solr.lifecycle.SolrCoreLoadListener.createModelTracker(SolrCoreLoadListener.java:341)
at org.alfresco.solr.lifecycle.SolrCoreLoadListener.newSearcher(SolrCoreLoadListener.java:135)
at org.apache.solr.core.SolrCore.lambda$getSearcher$15(SolrCore.java:2249)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.lambda$execute$0(ExecutorUtil.java:229)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: org.alfresco.error.AlfrescoRuntimeException: 00240000 Unable to create key manager
at org.alfresco.encryption.AlfrescoKeyStoreImpl.createKeyManagers(AlfrescoKeyStoreImpl.java:337)
at org.alfresco.encryption.ssl.AuthSSLProtocolSocketFactory.createSSLContext(AuthSSLProtocolSocketFactory.java:103)
at org.alfresco.encryption.ssl.AuthSSLProtocolSocketFactory.getSSLContext(AuthSSLProtocolSocketFactory.java:124)
... 23 more
Caused by: java.lang.IllegalArgumentException: password can't be null
at java.base/com.sun.crypto.provider.KeyProtector.<init>(KeyProtector.java:114)
at java.base/com.sun.crypto.provider.JceKeyStore.engineGetKey(JceKeyStore.java:129)
at java.base/java.security.KeyStore.getKey(KeyStore.java:1057)
at java.base/sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:145)
at java.base/sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70)
at java.base/javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:271)
at org.alfresco.encryption.AlfrescoKeyStoreImpl.createKeyManagers(AlfrescoKeyStoreImpl.java:332)
I'm sure I've created the certificates as it's explained in https://docs.alfresco.com/search-services/latest/config/keys/.
Some more information about my installation.
$ALF_HOME=/usr/local/alfresco-community
$SOLR_HOME=/usr/local/alfresco-search-services
Both Solr cores, alfresco and archive, are created.
Alfresco keystore. $ALF_HOME/alf_data/keystore
Solr keystore. $SOLR_HOME/solrhome/keystore
Here is the content of the configuration files from Alfresco and Solr.
server.xml
<Connector port="8443" protocol="HTTP/1.1"
connectionTimeout="2000"
SSLEnabled="true" maxThreads="150" scheme="https"
keystoreFile="/usr/local/alfresco-community/alf_data/keystore/ssl.keystore"
keystorePass="mysecretpassword" keystoreType="JCEKS" secure="true"
truststoreFile="/usr/local/alfresco-community/alf_data/keystore/ssl.truststore"
truststorePass="mysecretpassword" truststoreType="JCEKS"
clientAuth="want" sslProtocol="TLS">
</Connector>
alfresco-global.properties
###############################
## Common Alfresco Properties #
###############################
#
# Sample custom content and index data location
#
dir.root=/usr/local/alfresco-community/alf_data
dir.keystore=${dir.root}/keystore
#
# Sample database connection properties
#
db.username=alfresco
db.password=alfresco
# db.poolmax=275
# db.pool.validate.query=SELECT 1
#
# PostgreSQL connection (requires postgresql-8.2-504.jdbc3.jar or equivalent)
#
db.driver=org.postgresql.Driver
db.url=jdbc:postgresql://localhost:5432/alfresco
#
# Index Recovery Mode
#-------------
# index.recovery.mode=AUTO
#
# URL Generation Parameters (The ${localname} token is replaced by the local server name)
#-------------
alfresco.context=alfresco
alfresco.host=${localname}
alfresco.port=8080
alfresco.protocol=http
share.context=share
share.host=${localname}
share.port=8080
share.protocol=http
# localTransform.core-aio.url=http://localhost:8090/
#This property is default true, here it is for information purpose.
local.transform.service.enabled=true
messaging.broker.url=tcp://localhost:61616
#This property is default true, here it is for information purpose.
messaging.subsystem.autoStart=true
#If you have setup username and password for AMQ, then set the below properties. In my case i have kept default admin/admin
messaging.broker.username=admin
messaging.broker.password=admin
# notification.email.siteinvite=false
### License location ###
dir.license.external=/usr/local/alfresco-community
security.anyDenyDenies=false
smart.folders.enabled=false
alfresco.jmx.connector.enabled=false
solr.host=localhost
solr.port=8983
# solr.port.ssl=8983
solr.secureComms=https
solr.base.url=/solr
index.subsystem.name=solr6
# ssl encryption
encryption.ssl.keystore.location=${dir.keystore}/ssl.keystore
encryption.ssl.keystore.type=JCEKS
encryption.ssl.truststore.location=${dir.keystore}/ssl.truststore
encryption.ssl.truststore.type=JCEKS
# secret key keystore configuration
encryption.keystore.location=${dir.keystore}/keystore
encryption.keystore.type=JCEKS
solr.in.sh
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Settings here will override settings in existing env vars or in bin/solr. The default shipped state
# of this file is completely commented.
# By default the script will use JAVA_HOME to determine which java
# to use, but you can set a specific path for Solr to use without
# affecting other Java applications on your server/workstation.
#SOLR_JAVA_HOME=""
# This controls the number of seconds that the solr script will wait for
# Solr to stop gracefully or Solr to start. If the graceful stop fails,
# the script will forcibly stop Solr. If the start fails, the script will
# give up waiting and display the last few lines of the logfile.
#SOLR_STOP_WAIT="180"
# Increase Java Heap as needed to support your indexing / query needs
#SOLR_HEAP="512m"
# Expert: If you want finer control over memory options, specify them directly
# Comment out SOLR_HEAP if you are using this though, that takes precedence
SOLR_JAVA_MEM="-Xms2g -Xmx2g"
# Enable verbose GC logging...
# * If this is unset, various default options will be selected depending on which JVM version is in use
# * For Java 8: if this is set, additional params will be added to specify the log file & rotation
# * For Java 9 or higher: each included opt param that starts with '-Xlog:gc', but does not include an
# output specifier, will have a 'file' output specifier (as well as formatting & rollover options)
# appended, using the effective value of the SOLR_LOGS_DIR.
#
#GC_LOG_OPTS='-Xlog:gc*' # (Java 9+)
#GC_LOG_OPTS="-verbose:gc -XX:+PrintHeapAtGC -XX:+PrintGCDetails \
# -XX:+PrintGCDateStamps -XX:+PrintGCTimeStamps -XX:+PrintTenuringDistribution -XX:+PrintGCApplicationStoppedTime"
# These GC settings have shown to work well for a number of common Solr workloads
#GC_TUNE="-XX:NewRatio=3 -XX:SurvivorRatio=4 etc.
# Set the ZooKeeper connection string if using an external ZooKeeper ensemble
# e.g. host1:2181,host2:2181/chroot
# Leave empty if not using SolrCloud
#ZK_HOST=""
# Set the ZooKeeper client timeout (for SolrCloud mode)
#ZK_CLIENT_TIMEOUT="15000"
# By default the start script uses "localhost"; override the hostname here
# for production SolrCloud environments to control the hostname exposed to cluster state
#SOLR_HOST="192.168.0.1"
# By default the start script uses UTC; override the timezone if needed
#SOLR_TIMEZONE="UTC"
# Set to true to activate the JMX RMI connector to allow remote JMX client applications
# to monitor the JVM hosting Solr; set to "false" to disable that behavior
# (false is recommended in production environments)
#ENABLE_REMOTE_JMX_OPTS="false"
# The script will use SOLR_PORT+10000 for the RMI_PORT or you can set it here
# RMI_PORT=18983
# Alfresco configuration. This file is automatically included by solr. You can define your custom settings here
SOLR_OPTS="$SOLR_OPTS -Dsolr.jetty.request.header.size=1000000 -Dsolr.jetty.threads.stop.timeout=300000 -Ddisable.configEdit=true"
# Anything you add to the SOLR_OPTS variable will be included in the java
# start command line as-is, in ADDITION to other options. If you specify the
# -a option on start script, those options will be appended as well. Examples:
#SOLR_OPTS="$SOLR_OPTS -Dsolr.autoSoftCommit.maxTime=3000"
#SOLR_OPTS="$SOLR_OPTS -Dsolr.autoCommit.maxTime=60000"
#SOLR_OPTS="$SOLR_OPTS -Dsolr.clustering.enabled=true"
# Location where the bin/solr script will save PID files for running instances
# If not set, the script will create PID files in $SOLR_TIP/bin
#SOLR_PID_DIR=
# Path to a directory for Solr to store cores and their data. By default, Solr will use server/solr
# If solr.xml is not stored in ZooKeeper, this directory needs to contain solr.xml
#SOLR_HOME=
# Solr provides a default Log4J configuration properties file in server/resources
# however, you may want to customize the log settings and file appender location
# so you can point the script to use a different log4j.properties file
#LOG4J_PROPS=/var/solr/log4j.properties
# Changes the logging level. Valid values: ALL, TRACE, DEBUG, INFO, WARN, ERROR, FATAL, OFF. Default is INFO
# This is an alternative to changing the rootLogger in log4j.properties
#SOLR_LOG_LEVEL=INFO
# Location where Solr should write logs to. Absolute or relative to solr start dir
SOLR_LOGS_DIR=../../logs
LOG4J_PROPS=$SOLR_LOGS_DIR/log4j.properties
# Enables log rotation, cleanup, and archiving during start. Setting SOLR_LOG_PRESTART_ROTATION=false will skip start
# time rotation of logs, and the archiving of the last GC and console log files. It does not affect Log4j configuration.
# This pre-startup rotation may need to be disabled depending how much you customize the default logging setup.
#SOLR_LOG_PRESTART_ROTATION=true
# Sets the port Solr binds to, default is 8983
SOLR_PORT=8983
# Uncomment to set SSL-related system properties
# Be sure to update the paths to the correct keystore for your environment
#SOLR_SSL_KEY_STORE=/home/shalin/work/oss/shalin-lusolr/solr/server/etc/solr-ssl.keystore.jks
#SOLR_SSL_KEY_STORE_PASSWORD=secret
#SOLR_SSL_KEY_STORE_TYPE=JCEKS
#SOLR_SSL_TRUST_STORE=/home/shalin/work/oss/shalin-lusolr/solr/server/etc/solr-ssl.keystore.jks
#SOLR_SSL_TRUST_STORE_PASSWORD=secret
#SOLR_SSL_TRUST_STORE_TYPE=JCEKS
#SOLR_SSL_NEED_CLIENT_AUTH=false
#SOLR_SSL_WANT_CLIENT_AUTH=false
# Uncomment if you want to override previously defined SSL values for HTTP client
# otherwise keep them commented and the above values will automatically be set for HTTP clients
SOLR_SSL_CLIENT_KEY_STORE=/usr/local/alfresco-search-services/solrhome/keystore/ssl-repo-client.keystore
SOLR_SSL_CLIENT_KEY_STORE_PASSWORD=mysecretpassword
SOLR_SSL_CLIENT_KEY_STORE_TYPE=JCEKS
SOLR_SSL_CLIENT_TRUST_STORE=/usr/local/alfresco-search-services/solrhome/keystore/ssl-repo-client.truststore
SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD=mysecretpassword
SOLR_SSL_CLIENT_TRUST_STORE_TYPE=JCEKS
SOLR_SSL_NEED_CLIENT_AUTH=true
SOLR_SSL_WANT_CLIENT_AUTH=false
# SOLR_OPTS="$SOLR_OPTS -Dsolr.allow.unsafe.resourceloading=true -Dsolr.ssl.checkPeerName=false -Dsolr.data.dir.root=$DIST_DIR/data -Dsolr.solr.model.dir=$DIST_DIR/data/alfrescoModels"
# Settings for authentication
# Please configure only one of SOLR_AUTHENTICATION_CLIENT_CONFIGURER or SOLR_AUTH_TYPE parameters
#SOLR_AUTHENTICATION_CLIENT_CONFIGURER="org.apache.solr.client.solrj.impl.PreemptiveBasicAuthConfigurer"
#SOLR_AUTH_TYPE="basic"
#SOLR_AUTHENTICATION_OPTS="-Dbasicauth=solr:SolrRocks"
# Settings for ZK ACL
#SOLR_ZK_CREDS_AND_ACLS="-DzkACLProvider=org.apache.solr.common.cloud.VMParamsAllAndReadonlyDigestZkACLProvider \
# -DzkCredentialsProvider=org.apache.solr.common.cloud.VMParamsSingleSetCredentialsDigestZkCredentialsProvider \
# -DzkDigestUsername=admin-user -DzkDigestPassword=CHANGEME-ADMIN-PASSWORD \
# -DzkDigestReadonlyUsername=readonly-user -DzkDigestReadonlyPassword=CHANGEME-READONLY-PASSWORD"
#SOLR_OPTS="$SOLR_OPTS $SOLR_ZK_CREDS_AND_ACLS"
SOLR_SOLR_HOST=localhost
SOLR_SOLR_PORT=8983
SOLR_SOLR_BASEURL=/solr
SOLR_ALFRESCO_HOST=localhost
SOLR_ALFRESCO_PORT=8080
SOLR_ALFRESCO_BASEURL=/alfresco
Solr core alfresco/conf/solrcore.properties
#Thu Aug 25 10:19:57 UTC 2022
solr.backup=/usr/local/alfresco-search-services/solr6backup
solr.authorityCache.initialSize=64
alfresco.encryption.ssl.truststore.location=keystore/ssl-repo-client.truststore
# alfresco.encryption.ssl.truststore.location=/usr/local/alfresco-search-services/solrhome/keystore/ssl-repo-client.truststore
solr.suggester.minSecsBetweenBuilds=3600
solr.filterCache.size=256
alfresco.batch.count=5000
solr.initial.transaction.range=0-2000
alfresco.cascadeNodeBatchSize=10
alfresco.contentReadBatchSize=100
alfresco.corePoolSize=8
alfresco.metadata.getPathsInNodeBatches=true
data.dir.root=/usr/local/alfresco-search-services/solrhome/
alfresco.encryption.ssl.keystore.type=JCEKS
alfresco.nodeBatchSize=100
alfresco.template=rerank
solr.request.content.compress=false
solr.pathCache.initialSize=128
alfresco.encryption.ssl.truststore.type=JCEKS
alfresco.host=localhost
alfresco.lag=1000
alfresco.maxTotalConnections=200
alfresco.encryption.ssl.keystore.location=keystore/ssl-repo-client.keystore
# alfresco.encryption.ssl.keystore.location=/usr/local/alfresco-search-services/solrhome/keystore/ssl-repo-client.keystore
alfresco.encryption.ssl.truststore.provider=
alfresco.topTermSpanRewriteLimit=1000
alfresco.port.ssl=8443
alfresco.contentStreamLimit=10000000
solr.filterCache.initialSize=128
alfresco.changeSetAclsBatchSize=500
solr.ownerCache.initialSize=64
alfresco.admin.fix.maxScheduledTransactions=500
solr.suggester.enabled=true
alfresco.cron=0/10 * * * * ? *
alfresco.commitInterval=2000
data.dir.store=alfresco
solr.queryResultCache.initialSize=1024
solr.readerCache.autowarmCount=0
alfresco.threadDaemon=true
alfresco.newSearcherInterval=3000
solr.pathCache.size=256
alfresco.recordUnindexedNodes=false
alfresco.doPermissionChecks=true
solr.authorityCache.autowarmCount=4
solr.ownerCache.size=128
alfresco.metadata.skipDescendantDocsForSpecificTypes=false
alfresco.port=8080
alfresco.keepAliveTime=120
solr.documentCache.autowarmCount=512
solr.queryResultCache.size=1024
enable.alfresco.tracking=true
alfresco.workQueueSize=-1
solr.ownerCache.autowarmCount=0
solr.documentCache.size=1024
alfresco.hole.retention=3600000
alfresco.contentUpdateBatchSize=1000
alfresco.encryption.ssl.keystore.provider=
solr.queryResultMaxDocsCached=2048
alfresco.threadPriority=5
alfresco.baseUrl=/alfresco
solr.deniedCache.initialSize=64
solr.pathCache.autowarmCount=32
alfresco.socketTimeout=360000
solr.authorityCache.size=128
solr.readerCache.size=128
solr.filterCache.autowarmCount=32
alfresco.postfilter=true
alfresco.secureComms=https
solr.readerCache.initialSize=64
solr.maxBooleanClauses=10000
alfresco.metadata.ignore.datatype.1=app\:configurations
alfresco.metadata.ignore.datatype.0=cm\:person
alfresco.stores=workspace\://SpacesStore
solr.deniedCache.size=128
alfresco.aclBatchSize=100
solr.queryResultWindowSize=512
alfresco.hole.check.after=300000
alfresco.tracker.maxNodeLockMs=120000
solr.documentCache.initialSize=1024
shard.method=DB_ID
alfresco.metadata.skipDescendantDocsForSpecificAspects=false
alfresco.maxHostConnections=200
solr.deniedCache.autowarmCount=0
alfresco.maximumPoolSize=-1
solr.queryResultCache.autowarmCount=4
alfresco.transactionDocsBatchSize=2000
What can I have missed? Thanks
This message has 0 replies
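An added example, not part of the original post and not Alfresco code: the innermost cause in the trace above is `KeyManagerFactory.init` receiving a null password, so this check lists which keystore password properties are absent from the active `SOLR_OPTS` lines of a `solr.in.sh`. It assumes the Solr-side Alfresco client reads those passwords from `ssl-keystore.*` and `ssl-truststore.*` JVM system properties, as in the Alfresco Search Services mutual-TLS documentation; those property names, the alias names and the second sample input are not from the post.

```python
import re

# Assumption: property prefixes from the Alfresco Search Services mutual-TLS
# documentation; they do not appear anywhere in the post.
STORES = ("ssl-keystore", "ssl-truststore")
_DPROP = re.compile(r"-D([A-Za-z0-9_.\-]+)=([^\s\"']*)")

# SOLR_OPTS lines from the post's solr.in.sh (commented line abridged).
POSTED_EXCERPT = '''\
SOLR_OPTS="$SOLR_OPTS -Dsolr.jetty.request.header.size=1000000 -Dsolr.jetty.threads.stop.timeout=300000 -Ddisable.configEdit=true"
# SOLR_OPTS="$SOLR_OPTS -Dsolr.allow.unsafe.resourceloading=true -Dsolr.ssl.checkPeerName=false"
SOLR_SSL_CLIENT_KEY_STORE_PASSWORD=mysecretpassword
'''

# Constructed input: alias names and CHANGEME values are placeholders.
PARTIAL = '''\
SOLR_OPTS="$SOLR_OPTS -Dssl-keystore.password=CHANGEME -Dssl-keystore.aliases=ssl-alfresco-ca,ssl-repo-client"
SOLR_OPTS="$SOLR_OPTS -Dssl-keystore.ssl-alfresco-ca.password=CHANGEME -Dssl-truststore.password=CHANGEME"
'''


def active_properties(solr_in_sh):
    """Return {name: value} for -D options on uncommented SOLR_OPTS lines."""
    props = {}
    for raw in solr_in_sh.splitlines():
        line = raw.strip()
        # Commented-out assignments start with '#' and are skipped here.
        if line.startswith("SOLR_OPTS="):
            props.update(_DPROP.findall(line))
    return props


def missing_passwords(solr_in_sh):
    """List password properties that are absent or empty (names only)."""
    props = active_properties(solr_in_sh)
    missing = []
    for store in STORES:
        needed = [f"{store}.password"]
        # Each alias declared for a store needs its own key password.
        aliases = props.get(f"{store}.aliases", "")
        needed += [f"{store}.{a}.password" for a in aliases.split(",") if a]
        missing += [name for name in needed if not props.get(name)]
    return missing


if __name__ == "__main__":
    # Report property names only; never echo the password values.
    for name in missing_passwords(POSTED_EXCERPT):
        print("missing:", name)
```
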