In our previous article we have described steps for securing solr. When we do it first time one of the most common people faced is java.security.NoSuchAlgorithm exception.
Possible Root cause:
- SSL System property not set properly
- Wrong keystore and truststore file path specified in solr.in.cmd or solr.in.sh
- Exception thrown because of some other underlying exception like FileNotFound.
- Keystore and keypass passwords are different.
Complete stacktrace:
WARNING: javax.net.ssl.keyStore file solr-ssl.keystore.jks not found! https requ
ests to Solr will likely fail; please update your javax.net.ssl.keyStore setting
to use an absolute path.
WARNING: javax.net.ssl.trustStore file solr-ssl.keystore.jks not found! https re
quests to Solr will likely fail; please update your javax.net.ssl.trustStore set
ting to use an absolute path.
Waiting up to 30 to see Solr running on port 8983
INFO - 2017-11-05 18:52:09.165; org.apache.http.impl.client.DefaultRequestDirec
tor; I/O exception (java.net.SocketException) caught when connecting to {s}->htt
ps://localhost:8983: java.security.NoSuchAlgorithmException: Error constructing
implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.S
SLContextImpl$DefaultSSLContext)
INFO - 2017-11-05 18:52:11.400; org.apache.http.impl.client.DefaultRequestDirec
tor; Retrying connect to {s}->https://localhost:8983
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.eclipse.jetty.start.Main.invokeMain(Main.java:214)
at org.eclipse.jetty.start.Main.start(Main.java:457)
at org.eclipse.jetty.start.Main.main(Main.java:75)
Caused by: java.lang.IllegalStateException: no valid keystore
at org.eclipse.jetty.util.security.CertificateUtils.getKeyStore(Certific
ateUtils.java:48)
at org.eclipse.jetty.util.ssl.SslContextFactory.loadKeyStore(SslContextF
actory.java:971)
at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.j
ava:250)
at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactor
y.java:217)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLife
Cycle.java:68)
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLi
feCycle.java:131)
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(Container
LifeCycle.java:113)
at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFa
ctory.java:72)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLife
Cycle.java:68)
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLi
feCycle.java:131)
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(Container
LifeCycle.java:113)
at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.
java:268)
at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNet
workConnector.java:81)
at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java
:235)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLife
Cycle.java:68)
at org.eclipse.jetty.server.Server.doStart(Server.java:401)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLife
Cycle.java:68)
at org.eclipse.jetty.xml.XmlConfiguration$1.run(XmlConfiguration.java:15
16)
at java.security.AccessController.doPrivileged(Native Method)
at org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:144
1)
... 7 more
Usage: java -jar start.jar [options] [properties] [configs]
java -jar start.jar --help # for more information
INFO - 2017-11-05 18:52:13.437; org.apache.http.impl.client.DefaultRequestDirec
tor; I/O exception (java.net.SocketException) caught when connecting to {s}->htt
ps://localhost:8983: java.security.NoSuchAlgorithmException: Error constructing
implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.S
SLContextImpl$DefaultSSLContext)
INFO - 2017-11-05 18:52:13.447; org.apache.http.impl.client.DefaultRequestDirec
tor; Retrying connect to {s}->https://localhost:8983
INFO - 2017-11-05 18:52:13.457; org.apache.http.impl.client.DefaultRequestDirec
tor; I/O exception (java.net.SocketException) caught when connecting to {s}->htt
ps://localhost:8983: java.security.NoSuchAlgorithmException: Error constructing
implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.S
SLContextImpl$DefaultSSLContext)
Solution:
- Make sure that you have use same password.
- Specified full file path of keystore and truststore file.
Example:
set SOLR_SSL_KEY_STORE=D:\\solr-6.4.2\\solr-6.4.2\\bin\\solr-ssl.keystore.jks set SOLR_SSL_TRUST_STORE=D:\\solr-6.4.2\\solr-6.4.2\\bin\\solr-ssl.keystore.jks REM Incorrect file path REM set SOLR_SSL_KEY_STORE=solr-ssl.keystore.jks REM set SOLR_SSL_TRUST_STORE=solr-ssl.keystore.jks set SOLR_SSL_KEY_STORE_PASSWORD=secret set SOLR_SSL_KEY_STORE_TYPE=JKS set SOLR_SSL_TRUST_STORE_PASSWORD=secret set SOLR_SSL_TRUST_STORE_TYPE=JKS set SOLR_SSL_NEED_CLIENT_AUTH=false set SOLR_SSL_WANT_CLIENT_AUTH=false
Refer Securing Solr for more details.
Was this post helpful?
Let us know if you liked the post. That’s the only way we can improve.
