[jira] [Resolved] (SOLR-16161) FIPS and Java 17.0.2 error on startup - server/NONE is not a valid keystore

Wed, 26 Oct 2022 07:32:04 -0700 


     [ 
https://issues.apache.org/jira/browse/SOLR-16161?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kevin Risden resolved SOLR-16161.
---------------------------------
    Resolution: Not A Problem

This seems like you are probably using fips specific keystore types that aren't 
enabled without the FIPS flag enabled - 
https://access.redhat.com/documentation/ru-ru/openjdk/8/html/configuring_openjdk_8_on_rhel_with_fips/config-fips-in-openjdk

There isn't much the Solr project can do since the FIPS stuff lives outside of 
Solr.

> FIPS and Java 17.0.2 error on startup - server/NONE is not a valid keystore
> ---------------------------------------------------------------------------
>
>                 Key: SOLR-16161
>                 URL: https://issues.apache.org/jira/browse/SOLR-16161
>             Project: Solr
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 8.11.1
>         Environment: Solr 8.11.1
> java -version
> openjdk version "17.0.2" 2022-01-18 LTS
> OpenJDK Runtime Environment 21.9 (build 17.0.2+8-LTS)
> OpenJDK 64-Bit Server VM 21.9 (build 17.0.2+8-LTS, mixed mode, sharing)
>  
> cat /etc/centos-release
> CentOS Stream release 8
>            Reporter: John Thorhauer
>            Priority: Major
>
> We are running Solr in a FIPS enabled linux environment.  After upgrading 
> Java to 17.0.2 we now receive the following error while starting Solr:
>  
> 2022-04-20 11:40:03.700 ERROR (main) [   ] o.a.s.c.SolrCore null => 
> org.apache.solr.common.SolrException: Error instantiating shardHandlerFactory 
> class [HttpShardHandlerFactory]: java.lang.IllegalStateException: 
> /opt/solr-8.11.1/server/NONE is not a valid keystore
>         at 
> org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56)
> .....
> Caused by: java.lang.RuntimeException: java.lang.IllegalStateException: 
> /opt/solr-8.11.1/server/NONE is not a valid keystore
>         at 
> org.apache.solr.client.solrj.impl.Http2SolrClient.createHttpClient(Http2SolrClient.java:234)
>  ~[solr-solrj-8.11.1.jar:8.11.1 0b002b11819df70783e83ef36b42ed1223c14b50 - 
> janhoy - 2021-12-14 13:50:57] 
>  
> We noticed that adding the following allows the server to start properly:
> SOLR_OPTS="$SOLR_OPTS -Dcom.redhat.fips=false"
>  
> However, adding the following does NOT have any effect:
> SOLR_OPTS="$SOLR_OPTS -Dcom.redhat.fips.plainKeySupport=true"



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to