Need help installing ACS 6.2 Community (with TLS): Currently having issued with Certificates

cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Active Member

Need help installing ACS 6.2 Community (with TLS): Currently having issued with Certificates

Jump to solution

Hello,

I am trying to install ACS 6.2 and Search-Services woth mutual TLS and have gone through ALL the docs.  I get errors (posted in second message) while trying to secure sommunication between Alfresco Repo and Solr 

Would appreciate if someone can help me install Alfresco and check logs to confirm correct install by guiding my through Team-Viewer or Google Meets (with screen sharing)

I am willing to pay for helping me to install using team-viewer though Paypal.

Thanks

Regards,

GB

PS: I would like to install 6.2 (not lower version)

 

1 Solution

Accepted Solutions
Highlighted
Active Member

Re: Need help installing ACS 6.2 Community (with TLS): Currently having issued with Certificates

Jump to solution

Found the Fault :

The documentation at : https://docs.alfresco.com/search-enterprise/tasks/keys-setup.html says you put solr.port.ssl=8984. Thats actually not correct unless you change your solr.in.sh accordingly. The correct value as mentioned in : https://hub.alfresco.com/t5/alfresco-content-services-forum/alfresco-ce-6-2-search-not-working is 8983 unless you mention something else in solr.in.sh.

Also 2 more things :

1. Search 1.4 does not work instead downgrading to 1.3 makes it work. This was mentioned in 

https://hub.alfresco.com/t5/alfresco-content-services-forum/alfresco-ce-6-2-search-not-working

 

2. The fact that you need to add the repo & solr user in tomcat-users.xml was also not mentioned. (this wasnt mentioned anywhere in the forum (that I could find)

View solution in original post

7 Replies
Highlighted
Active Member

Re: Need help installing ACS 6.2 Community (with TLS): Currently having issued with Certificates

Jump to solution

Update logs :

alfresco.log

aused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:313)
    at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
    at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:186)
    at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
    at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1147)
    at java.base/sun.security.ssl.SSLSocketImpl.readApplicationRecord(SSLSocketImpl.java:1117)
    at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:816)
    at java.base/java.io.BufferedInputStream.fill(BufferedInputStream.java:252)
    at java.base/java.io.BufferedInputStream.read(BufferedInputStream.java:271)
    at org.apache.commons.httpclient.HttpParser.readRawLine(HttpParser.java:78)
    at org.apache.commons.httpclient.HttpParser.readLine(HttpParser.java:106)
    at org.apache.commons.httpclient.HttpConnection.readLine(HttpConnection.java:1116)
    at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.readLine(MultiThreadedHttpConnectionManager.java:1413)
    at org.apache.commons.httpclient.HttpMethodBase.readStatusLine(HttpMethodBase.java:1973)
    at org.apache.commons.httpclient.HttpMethodBase.readResponse(HttpMethodBase.java:1735)
    at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1098)
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
    at org.alfresco.repo.search.impl.solr.AbstractSolrQueryHTTPClient.postQuery(AbstractSolrQueryHTTPClient.java:95)
    at org.alfresco.repo.search.impl.solr.SolrQueryHTTPClient.postSolrQuery(SolrQueryHTTPClient.java:1115)
    at org.alfresco.repo.search.impl.solr.SolrQueryHTTPClient.executeQuery(SolrQueryHTTPClient.java:582)
    ... 98 more
 
 
solr.log
 
 
2020-06-17 22:25:10.444 ERROR (org.alfresco.solr.AlfrescoCoreAdminHandler@5116ac09_Worker-11) [   ] o.a.s.t.AbstractTracker Tracking failed for MetadataTracker - archive
java.lang.NoSuchMethodError'void org.alfresco.solr.client.GetNodesParameters.setCoreName(java.lang.String)'
    at org.alfresco.solr.tracker.MetadataTracker.indexBatchOfTransactions(MetadataTracker.java:904)
    at org.alfresco.solr.tracker.MetadataTracker.trackTransactions(MetadataTracker.java:774)
    at org.alfresco.solr.tracker.MetadataTracker.trackRepository(MetadataTracker.java:206)
    at org.alfresco.solr.tracker.MetadataTracker.doTrack(MetadataTracker.java:127)
    at org.alfresco.solr.tracker.AbstractTracker.track(AbstractTracker.java:217)
    at org.alfresco.solr.tracker.TrackerJob.execute(TrackerJob.java:47)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)
 
 
Alfresco-Global.properties :
index.subsystem.name=solr6
solr.secureComms=https
solr.host=localhost
solr.port=8983
solr.port.ssl=18443
solr.base.url=/solr
 
 
Solorcore.properties:
alfresco.port.ssl=18443
 
These ports need to be different or same ?
 
Also if I set solr.port.ssl to 8984, do I need to define another connectors for 8983 & 8984 in Tomcat server.xml with keys pointing to solr ?
Highlighted
Alfresco Employee

Re: Need help installing ACS 6.2 Community (with TLS): Currently having issued with Certificates

Jump to solution

Did you try https://github.com/Alfresco/alfresco-docker-installer?

This project provides a configuration for mTLS so, despite you're not using Docker, you can check how that feature needs to be configured.

Software Engineer in Alfresco Search Team.
Highlighted
Active Member

Re: Need help installing ACS 6.2 Community (with TLS): Currently having issued with Certificates

Jump to solution

@angelborroy The documentation at : https://docs.alfresco.com/search-enterprise/tasks/keys-setup.html instructs to put solr.port.ssl=8984. Thats actually not correct unless you change your solr.in.sh accordingly. The correct value should be 8983 since solr runs https also on the same port automatically once the keys are in place.

Also the documentation doesnt mention adding keynames "CN=....... " to tomcat-users.xml.

Also I can confirm Alfreso Search 1.4 doesnt run correctly. One has to run Search 1.3 to build index.

 

Highlighted
Active Member

Re: Need help installing ACS 6.2 Community (with TLS): Currently having issued with Certificates

Jump to solution

Found the Fault :

The documentation at : https://docs.alfresco.com/search-enterprise/tasks/keys-setup.html says you put solr.port.ssl=8984. Thats actually not correct unless you change your solr.in.sh accordingly. The correct value as mentioned in : https://hub.alfresco.com/t5/alfresco-content-services-forum/alfresco-ce-6-2-search-not-working is 8983 unless you mention something else in solr.in.sh.

Also 2 more things :

1. Search 1.4 does not work instead downgrading to 1.3 makes it work. This was mentioned in 

https://hub.alfresco.com/t5/alfresco-content-services-forum/alfresco-ce-6-2-search-not-working

 

2. The fact that you need to add the repo & solr user in tomcat-users.xml was also not mentioned. (this wasnt mentioned anywhere in the forum (that I could find)

View solution in original post

Highlighted
Community Manager
Community Manager

Re: Need help installing ACS 6.2 Community (with TLS): Currently having issued with Certificates

Jump to solution

Hi @gb123alf2,

Great that you found a solution - & thanks for reporting back how you solved your problem, really helpful to other users.

I'll ask someone to review the documentation in the light of your comments.

Take care, 

Digital Community Manager, Alfresco Software.
Problem solved? Click Accept as Solution!
Highlighted
Community Manager
Community Manager

Re: Need help installing ACS 6.2 Community (with TLS): Currently having issued with Certificates

Jump to solution

Hi @gb123alf2,

There is a suggestion form at the foot of each doc page. Perhaps you could add your observation there re: solr.port.ssl configuration settings, etc? That might help the docs team & others by extension.

Suggestions formSuggestions form Thanks & take care,

Digital Community Manager, Alfresco Software.
Problem solved? Click Accept as Solution!
Highlighted
Active Member

Re: Need help installing ACS 6.2 Community (with TLS): Currently having issued with Certificates

Jump to solution

I have submitted my suggestion as you had asked.