In our previous article we have described steps for securing solr. When we do it first time one of the most common people faced is java.security.NoSuchAlgorithm exception.

Possible Root cause:

  1. SSL System property not set properly
  2. Wrong keystore and truststore file path specified in solr.in.cmd or solr.in.sh
  3. Exception thrown because of some other underlying exception like FileNotFound.
  4. Keystore and keypass passwords are different.

Complete stacktrace:

WARNING: javax.net.ssl.keyStore file solr-ssl.keystore.jks not found! https requ
ests to Solr will likely fail; please update your javax.net.ssl.keyStore setting
 to use an absolute path.
WARNING: javax.net.ssl.trustStore file solr-ssl.keystore.jks not found! https re
quests to Solr will likely fail; please update your javax.net.ssl.trustStore set
ting to use an absolute path.
Waiting up to 30 to see Solr running on port 8983
INFO  - 2017-11-05 18:52:09.165; org.apache.http.impl.client.DefaultRequestDirec
tor; I/O exception (java.net.SocketException) caught when connecting to {s}->htt
ps://localhost:8983: java.security.NoSuchAlgorithmException: Error constructing
implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.S
SLContextImpl$DefaultSSLContext)
INFO  - 2017-11-05 18:52:11.400; org.apache.http.impl.client.DefaultRequestDirec
tor; Retrying connect to {s}->https://localhost:8983
java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:497)
        at org.eclipse.jetty.start.Main.invokeMain(Main.java:214)
        at org.eclipse.jetty.start.Main.start(Main.java:457)
        at org.eclipse.jetty.start.Main.main(Main.java:75)
Caused by: java.lang.IllegalStateException: no valid keystore
        at org.eclipse.jetty.util.security.CertificateUtils.getKeyStore(Certific
ateUtils.java:48)
        at org.eclipse.jetty.util.ssl.SslContextFactory.loadKeyStore(SslContextF
actory.java:971)
        at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.j
ava:250)
        at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactor
y.java:217)
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLife
Cycle.java:68)
        at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLi
feCycle.java:131)
        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(Container
LifeCycle.java:113)
        at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFa
ctory.java:72)
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLife
Cycle.java:68)
        at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLi
feCycle.java:131)
        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(Container
LifeCycle.java:113)
        at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.
java:268)
        at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNet
workConnector.java:81)
        at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java
:235)
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLife
Cycle.java:68)
        at org.eclipse.jetty.server.Server.doStart(Server.java:401)
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLife
Cycle.java:68)
        at org.eclipse.jetty.xml.XmlConfiguration$1.run(XmlConfiguration.java:15
16)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:144
1)
        ... 7 more

Usage: java -jar start.jar [options] [properties] [configs]
       java -jar start.jar --help  # for more information
INFO  - 2017-11-05 18:52:13.437; org.apache.http.impl.client.DefaultRequestDirec
tor; I/O exception (java.net.SocketException) caught when connecting to {s}->htt
ps://localhost:8983: java.security.NoSuchAlgorithmException: Error constructing
implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.S
SLContextImpl$DefaultSSLContext)
INFO  - 2017-11-05 18:52:13.447; org.apache.http.impl.client.DefaultRequestDirec
tor; Retrying connect to {s}->https://localhost:8983
INFO  - 2017-11-05 18:52:13.457; org.apache.http.impl.client.DefaultRequestDirec
tor; I/O exception (java.net.SocketException) caught when connecting to {s}->htt
ps://localhost:8983: java.security.NoSuchAlgorithmException: Error constructing
implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.S
SLContextImpl$DefaultSSLContext)

Solution:

  1. Make sure that you have use same password.
  2. Specified full file path of keystore and truststore file.

Example:

set SOLR_SSL_KEY_STORE=D:\\solr-6.4.2\\solr-6.4.2\\bin\\solr-ssl.keystore.jks
set SOLR_SSL_TRUST_STORE=D:\\solr-6.4.2\\solr-6.4.2\\bin\\solr-ssl.keystore.jks
REM Incorrect file path
REM set SOLR_SSL_KEY_STORE=solr-ssl.keystore.jks 
REM set SOLR_SSL_TRUST_STORE=solr-ssl.keystore.jks
set SOLR_SSL_KEY_STORE_PASSWORD=secret
set SOLR_SSL_KEY_STORE_TYPE=JKS
set SOLR_SSL_TRUST_STORE_PASSWORD=secret
set SOLR_SSL_TRUST_STORE_TYPE=JKS
set SOLR_SSL_NEED_CLIENT_AUTH=false
set SOLR_SSL_WANT_CLIENT_AUTH=false

Refer Securing Solr for more details.

 

Was this post helpful?
Let us know, if you liked the post. Only in this way, we can improve us.
Yes
No

Leave a Reply

Your email address will not be published. Required fields are marked *