Good evening, Rick, and Happy Friday, I'm not an expert, especially running on Windows.
Some of the googling I did related to the "established connection aborted" seems to indicate that it could be related to issues in the network path from your command line to your localhost:8983. It doesn't seem specific to Java, based on the posts I saw. Several posters sought help debugging it in other scenarios on Windows. (That part of the text seems to be a Windows error message that gets copied into the Java exception error text.) So I wonder: if the JVM doesn't have privileges to lock pages in memory, do you know that it has privileges to connect to localhost:8983? HTH. Stay safe, stay healthy, Joe ________________________________ From: Hodder, Rick (Property and Casualty CIO) <richard.hod...@thehartford.com.INVALID> Sent: Friday, May 10, 2024 3:08 PM To: 'solr-u...@lucene.apache.org' <solr-u...@lucene.apache.org> Subject: RE: SOLR 8.11.1 SSL Enable Failing CAUTION: This email has originated from a source outside of USPTO. PLEASE CONSIDER THE SOURCE before responding, clicking on links, or opening attachments. I’ve asked this twice on here, and on stack overflow, with no answers. Is there another site that could give me guidance? Thanks, RICK HODDER Staff Software Engineer Global Specialty [The Hartford]<https://www.thehartford.com/> The Hartford 83 Wooster Heights Rd. | 2nd floor Danbury, CT, 06810 W: 475-329-6251 Email: richard.hod...@thehartford.com<mailto:richard.hod...@thehartford.com> www.thehartford.com<https://www.thehartford.com/> www.facebook.com/thehartford<https://www.facebook.com/thehartford> twitter.com/thehartford<https://twitter.com/thehartford> From: Hodder, Rick (Property and Casualty CIO) Sent: Tuesday, May 7, 2024 6:40 PM To: 'solr-u...@lucene.apache.org' <solr-u...@lucene.apache.org> Subject: SOLR 8.11.1 SSL Enable Failing I’m trying to enable SSL on SOLR 8.11.1 My network team purchased a certificate Imported into JDK into a file cacerts I copied that file to etc/solr-ssl.keystore.p12 I uncommented the SOLR SSL changed solr.in.cmd and set them as follows: REM Enables HTTPS. It is implictly true if you set SOLR_SSL_KEY_STORE. Use this config REM to enable https module with custom jetty configuration. set SOLR_SSL_ENABLED=true REM Uncomment to set SSL-related system properties REM Be sure to update the paths to the correct keystore for your environment set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.p12 set SOLR_SSL_KEY_STORE_PASSWORD=----------------- set SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.p12 set SOLR_SSL_TRUST_STORE_PASSWORD=----------------- REM Require clients to authenticate set SOLR_SSL_NEED_CLIENT_AUTH=false REM Enable clients to authenticate (but not require) set SOLR_SSL_WANT_CLIENT_AUTH=false REM Verify client hostname during SSL handshake set SOLR_SSL_CLIENT_HOSTNAME_VERIFICATION=false REM SSL Certificates contain host/ip "peer name" information that is validated by default. Setting REM this to false can be useful to disable these checks when re-using a certificate on many hosts set SOLR_SSL_CHECK_PEER_NAME=true REM Override Key/Trust Store types if necessary REM set SOLR_SSL_KEY_STORE_TYPE=PKCS12 REM set SOLR_SSL_TRUST_STORE_TYPE=PKCS12 I thin started solr from the command line, and this is what I saw: E:\ApacheSolr8_11_1>bin\solr.cmd start -p 8983 Java HotSpot(TM) 64-Bit Server VM warning: JVM cannot use large page memory because it does not have enough privilege to lock pages in memory. INFO - 2024-05-06 17:05:17.952; org.apache.solr.util.configuration.SSLConfigurations; Setting javax.net.ssl.keyStorePassword INFO - 2024-05-06 17:05:17.967; org.apache.solr.util.configuration.SSLConfigurations; Setting javax.net.ssl.trustStorePassword Waiting up to 30 to see Solr running on port 8983 INFO - 2024-05-06 17:05:27.966; org.apache.http.impl.execchain.RetryExec; I/O exception (java.net.SocketException) caught when processing request to {s}->https://localhost:8983: An established connection was aborted by the software in your host machine INFO - 2024-05-06 17:05:27.966; org.apache.http.impl.execchain.RetryExec; Retrying request to {s}->https://localhost:8983 INFO - 2024-05-06 17:05:30.014; org.apache.http.impl.execchain.RetryExec; I/O exception (java.net.SocketException) caught when processing request to {s}->https://localhost:8983: An established connection was aborted by the software in your host machine INFO - 2024-05-06 17:05:30.014; org.apache.http.impl.execchain.RetryExec; Retrying request to {s}->https://localhost:8983 INFO - 2024-05-06 17:05:34.087; org.apache.http.impl.execchain.RetryExec; I/O exception (java.net.SocketException) caught when processing request to {s}->https://localhost:8983: An established connection was aborted by the software in your host machine INFO - 2024-05-06 17:05:34.087; org.apache.http.impl.execchain.RetryExec; Retrying request to {s}->https://localhost:8983 INFO - 2024-05-06 17:05:34.103; org.apache.http.impl.execchain.RetryExec; I/O exception (java.net.SocketException) caught when processing request to {s}->https://localhost:8983: An established connection was aborted by the software in your host machine I've tried different combinations of SOLR_SSL_NEED_CLIENT_AUTH and SOLR_SSL_WANT_CLIENT_AUTH but the get the same result. The log doesnt show any error messages about SSL. Is there something obvious I'm missing? Any suggestions? Thanks, RICK HODDER Staff Software Engineer Global Specialty [The Hartford]<https://www.thehartford.com/> The Hartford 83 Wooster Heights Rd. | 2nd floor Danbury, CT, 06810 W: 475-329-6251 Email: richard.hod...@thehartford.com<mailto:richard.hod...@thehartford.com> www.thehartford.com<https://www.thehartford.com/> www.facebook.com/thehartford<https://www.facebook.com/thehartford> twitter.com/thehartford<https://twitter.com/thehartford> ****************************************************************************************************** This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential and/or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies. ******************************************************************************************************
