Solr error unknown_ca

cancel
Showing results for 
Search instead for 
Did you mean: 
Korn
Member II

Solr error unknown_ca

Hello

 

I have a problem with alfresco6.2 community and alfresco-search-services 1.4

The communication should be on TLS

The Key and truststores i created with the alfresco ssl-tool

alfresco 6.2 is running with tomcat9

for the communication to www there is an another ca Certicated implemented

The alfresco tool works in the first look very well

I can login (authentication against a ldap server), can upload files ..

 

I have tested the solr Connection with the IP adress or localhost or the name of the server

In the trsustore is included the chainfile from ca Certificate

 

In the log Files are many errors

Alfresco Logfile

DEBUG [org.alfresco.repo.jscript.Search] [http-nio-8080-exec-4] Failed to execute search: (Debian AND +TYPE:"cm:content") AND -TYPE:"cm:thumbnail" AND -TYPE:"cm:failedThumbnail" AND -TYPE:"cm:rating" AND -TYPE:"fmSmiley Tongueost" AND -ASPECT:"sys:hidden" AND -cm:creatorSmiley Frustratedystem
org.alfresco.repo.search.impl.lucene.LuceneQueryParserException: 03260058 Request failed 500 /solr/alfresco/afts?wt=json&fl=DBID%2Cscore&rows=5&df=keywords&start=0&locale=de&alternativeDic=DEFAULT_DICTIONARY&fq=%7B%21afts%7DAUTHORITY_FILTER_FROM_JSON&fq=%7B%21afts%7DTENANT_FILTER_FROM_JSON
at org.alfresco.repo.search.impl.solr.AbstractSolrQueryHTTPClient.postQuery(AbstractSolrQueryHTTPClient.java:108)
at org.alfresco.repo.search.impl.solr.SolrQueryHTTPClient.postSolrQuery(SolrQueryHTTPClient.java:1115)
at org.alfresco.repo.search.impl.solr.SolrQueryHTTPClient.executeQuery(SolrQueryHTTPClient.java:582)
at org.alfresco.repo.search.impl.solr.SolrQueryLanguage.executeQuery(SolrQueryLanguage.java:52)
at





2021-04-26 16:40:24,662 TRACE [org.alfresco.repo.security.authentication.AlfrescoSecureContextImpl] [defaultThreadPool1] Setting real authentication to: aa****
2021-04-26 16:40:24,662 TRACE [org.alfresco.repo.security.authentication.AlfrescoSecureContextImpl] [defaultThreadPool1] Setting effective authentication to: aa****
2021-04-26 16:40:24,662 DEBUG [org.alfresco.repo.jscript.Search] [http-nio-8080-exec-4] query time: 20ms
2021-04-26 16:40:24,662 TRACE [org.alfresco.util.transaction.SpringAwareUserTransaction] [defaultThreadPool1] Getting transaction for [defaultThreadPool1-beaf3257-3a0a-4341-ab9d-b6641dff9f8e]
2021-04-26 16:40:24,662 DEBUG [org.alfresco.util.transaction.SpringAwareUserTransaction] [defaultThreadPool1] Began user transaction: UserTransaction[object=org.alfresco.util.transaction.SpringAwareUserTransaction@4d7c8933, status=0]
2021-04-26 16:40:24,662 DEBUG [org.alfresco.util.transaction.TransactionSupportUtil] [defaultThreadPool1] Bound txn synch: TransactionSychronizationImpl[ txnId=66fe874e-0d05-4cfd-8c9f-344e8d016eff] with txn name: defaultThreadPool1-81807601-4d32-4b4e-95e3-3077e66e8fbc
2021-04-26 16:40:24,663 TRACE [org.alfresco.util.transaction.TransactionSupportUtil] [defaultThreadPool1] Bound resource to defaultThreadPool1-81807601-4d32-4b4e-95e3-3077e66e8fbc:
key: RetryingTransactionHelper.ActiveTxn
resource: UserTransaction[object=org.alfresco.util.transaction.SpringAwareUserTransaction@4d7c8933, status=0]
2021-04-26 16:40:24,663 DEBUG [org.alfresco.repo.audit.inbound] [defaultThreadPool1]


Inbound audit values:
/alfresco-api/post/SearchService/query/error=03260058 Request failed 500

 

SOLR Logfile

2021-04-27 09:30:13.425 WARN (searcherExecutor-7-thread-1-processing-x:archive) [ x:archive] o.a.s.c.CoreDescriptorDecorator Unable to locate alfresco host|port|baseUrl|ssl properties
java.lang.NullPointerException
at java.base/java.util.concurrent.ConcurrentHashMap.putVal(ConcurrentHashMap.java:1011)
at java.base/java.util.concurrent.ConcurrentHashMap.put(ConcurrentHashMap.java:1006)
at java.base/java.util.Properties.put(Properties.java:1340)
at org.apache.solr.core.CoreDescriptorDecorator.lambda$new$0(CoreDescriptorDecorator.java:87)
at java.base/java.lang.Iterable.forEach(Iterable.java:75)
at org.apache.solr.core.CoreDescriptorDecorator.<init>(CoreDescriptorDecorator.java:86)
at org.alfresco.solr.lifecycle.SolrCoreLoadRegistration.registerForCore(SolrCoreLoadRegistration.java:68)
at org.alfresco.solr.lifecycle.SolrCoreLoadListener.newSearcher(SolrCoreLoadListener.java:44)
at org.apache.solr.core.SolrCore.lambda$getSearcher$15(SolrCore.java:2249)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.lambda$execute$0(ExecutorUtil.java:229)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)
2021-04-27 09:30:13.425 WARN (searcherExecutor-8-thread-1-processing-x:alfresco) [ x:alfresco] o.a.s.c.CoreDescriptorDecorator Unable to locate alfresco host|port|baseUrl|ssl properties
java.lang.NullPointerException
at java.base/java.util.concurrent.ConcurrentHashMap.putVal(ConcurrentHashMap.java:1011)
at java.base/java.util.concurrent.ConcurrentHashMap.put(ConcurrentHashMap.java:1006)
at java.base/java.util.Properties.put(Properties.java:1340)
at org.apache.solr.core.CoreDescriptorDecorator.lambda$new$0(CoreDescriptorDecorator.java:87)
at java.base/java.lang.Iterable.forEach(Iterable.java:75)
at org.apache.solr.core.CoreDescriptorDecorator.<init>(CoreDescriptorDecorator.java:86)
at org.alfresco.solr.lifecycle.SolrCoreLoadRegistration.registerForCore(SolrCoreLoadRegistration.java:68)
at org.alfresco.solr.lifecycle.SolrCoreLoadListener.newSearcher(SolrCoreLoadListener.java:44)
at org.apache.solr.core.SolrCore.lambda$getSearcher$15(SolrCore.java:2249)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.lambda$execute$0(ExecutorUtil.java:229)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)
2021-04-27 09:30:13.459 INFO (qtp1691875296-22) [ ] o.a.s.s.HttpSolrCall [admin] webapp=null path=/admin/info/logging params={wt=json&_=1619443155880&since=0} status=0 QTime=0
2021-04-27 09:30:13.474 INFO (searcherExecutor-7-thread-1-processing-x:archive) [ x:archive] o.a.r.d.AbstractDictionaryRegistry Init core dictionary: model count = 0 in 0 msecs [Thread[searcherExecutor-7-thread-1-processing-x:archive,5,main]]



2021-04-27 09:30:13.894 DEBUG (searcherExecutor-8-thread-1-processing-x:alfresco) [ x:alfresco] o.a.c.h.MultiThreadedHttpConnectionManager Allocating new connection, hostConfig=HostConfiguration[host=https://127.0.0.1:8443]
2021-04-27 09:30:13.897 TRACE (searcherExecutor-8-thread-1-processing-x:alfresco) [ x:alfresco] o.a.c.h.HttpMethodDirector Attempt number 1 to process request
2021-04-27 09:30:13.898 TRACE (searcherExecutor-8-thread-1-processing-x:alfresco) [ x:alfresco] o.a.c.h.HttpConnection enter HttpConnection.open()
2021-04-27 09:30:13.898 DEBUG (searcherExecutor-8-thread-1-processing-x:alfresco) [ x:alfresco] o.a.c.h.HttpConnection Open connection to 127.0.0.1:8443

 


2021-04-27 09:30:14.016 TRACE (searcherExecutor-8-thread-1-processing-x:alfresco) [ x:alfresco] o.a.c.h.HttpConnection enter HttpConnection.write(byte[])

 

2021-04-27 09:30:58.065 DEBUG (searcherExecutor-8-thread-1-processing-x:alfresco) [ x:alfresco] o.a.c.h.MultiThreadedHttpConnectionManager Notifying no-one, there are no waiting threads
2021-04-27 09:30:58.065 ERROR (searcherExecutor-8-thread-1-processing-x:alfresco) [ x:alfresco] o.a.s.t.AbstractTracker Model tracking failed for core: alfresco
javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca

 

I hope you have an idea for me

3 Replies
angelborroy
Alfresco Employee

Re: Solr error unknown_ca

Unable to locate alfresco host|port|baseUrl|ssl properties

That means that not all the required properties are present in solrcore.properties file for the SOLR Core.

What is you configuration related to Alfresco Repository mTLS in that file?

Software Engineer in Alfresco Search Team.
Korn
Member II

Re: Solr error unknown_ca

Thank you for your reading my question, here is my solrcore.properties for the core alfresco:

alfresco.nodeBatchSize=100
alfresco.template=rerank
solr.pathCache.initialSize=128
alfresco.encryption.ssl.truststore.type=JCEKS
alfresco.host=127.0.0.1
alfresco.lag=1000
alfresco.maxTotalConnections=200
alfresco.encryption.ssl.keystore.location=/opt/alfresco-search-services/solrhome/alfresco/conf/ssl.repo.client.keystore
alfresco.encryption.ssl.truststore.provider=
alfresco.topTermSpanRewriteLimit=1000
alfresco.port.ssl=8443
alfresco.contentStreamLimit=10000000
solr.filterCache.initialSize=128
alfresco.changeSetAclsBatchSize=500
solr.ownerCache.initialSize=64
solr.suggester.enabled=true
alfresco.cron=0/10 * * * * ? *
alfresco.commitInterval=2000
data.dir.store=alfresco
alfresco.encryption.ssl.truststore.passwordFileLocation=/opt/alfresco-search-services/solrhome/alfresco/conf/ssl-truststore-passwords.properties
solr.queryResultCache.initialSize=1024
solr.readerCache.autowarmCount=0
alfresco.threadDaemon=true
alfresco.newSearcherInterval=3000
solr.pathCache.size=256
alfresco.recordUnindexedNodes=false
alfresco.doPermissionChecks=true
solr.authorityCache.autowarmCount=4
solr.ownerCache.size=128
alfresco.metadata.skipDescendantDocsForSpecificTypes=false
#alfresco.port=8080
alfresco.keepAliveTime=120
solr.documentCache.autowarmCount=512
solr.queryResultCache.size=1024
enable.alfresco.tracking=true
alfresco.workQueueSize=-1
solr.ownerCache.autowarmCount=0
solr.documentCache.size=1024
alfresco.hole.retention=3600000
alfresco.contentUpdateBatchSize=1000
alfresco.encryption.ssl.keystore.type=JCEKS
solr.queryResultMaxDocsCached=2048
alfresco.threadPriority=5
alfresco.baseUrl=/alfresco
solr.deniedCache.initialSize=64
solr.pathCache.autowarmCount=32
alfresco.socketTimeout=360000
solr.authorityCache.size=128
solr.readerCache.size=128
solr.filterCache.autowarmCount=32
alfresco.postfilter=true
alfresco.secureComms=https
solr.readerCache.initialSize=64
solr.maxBooleanClauses=10000
alfresco.metadata.ignore.datatype.1=app\:configurations
alfresco.metadata.ignore.datatype.0=cm\Smiley Tongueerson
alfresco.stores=workspace\://SpacesStore
solr.deniedCache.size=128
alfresco.aclBatchSize=100
solr.queryResultWindowSize=512
alfresco.hole.check.after=300000
solr.documentCache.initialSize=1024
shard.method=DB_ID
alfresco.metadata.skipDescendantDocsForSpecificAspects=false
alfresco.maxHostConnections=200
solr.deniedCache.autowarmCount=0
alfresco.encryption.ssl.keystore.passwordFileLocation=/opt/alfresco-search-services/solrhome/alfresco/conf/ssl-keystore-passwords.properties
alfresco.maximumPoolSize=-1
solr.queryResultCache.autowarmCount=4
alfresco.transactionDocsBatchSize=500

Korn
Member II

Re: Solr error unknown_ca

Whith the line  alfresco.port=8080

the error is always:

Tracking failed for AclTracker:  received fatal alert unknown_ca