sanbales / openmbee-vm

A vagrant-based OpenMBEE server virtual machine.
MIT License

SSL Issue #3

Open sanbales opened 5 years ago

sanbales commented 5 years ago

When trying to commit a new Org from MDK, the server returns a 500 and shows the following error:

web_1     | javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
web_1     |     at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:440)
web_1     |     at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:244)
web_1     |     at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:108)
web_1     |     at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:149)
web_1     |     at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
web_1     |     at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
web_1     |     at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
web_1     |     at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
web_1     |     at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
web_1     |     at gov.nasa.jpl.view_repo.webscripts.util.ShareUtils.makeSharePostCall(ShareUtils.java:158)
web_1     |     at gov.nasa.jpl.view_repo.webscripts.util.ShareUtils.constructSiteDashboard(ShareUtils.java:110)
web_1     |     at gov.nasa.jpl.view_repo.webscripts.OrgPost.executeImplImpl(OrgPost.java:118)
web_1     |     at gov.nasa.jpl.view_repo.webscripts.OrgPost.executeImpl(OrgPost.java:78)
web_1     |     at gov.nasa.jpl.view_repo.webscripts.DeclarativeJavaWebScript.execute(DeclarativeJavaWebScript.java:98)
web_1     |     at org.alfresco.repo.web.scripts.RepositoryContainer$3.execute(RepositoryContainer.java:512)
web_1     |     at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:457)
web_1     |     at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecute(RepositoryContainer.java:580)
web_1     |     at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecuteAs(RepositoryContainer.java:649)
web_1     |     at org.alfresco.repo.web.scripts.RepositoryContainer.executeScriptInternal(RepositoryContainer.java:421)
web_1     |     at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:301)
web_1     |     at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:382)
web_1     |     at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:210)
web_1     |     at org.springframework.extensions.webscripts.servlet.WebScriptServlet.service(WebScriptServlet.java:132)
web_1     |     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
web_1     |     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
web_1     |     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
web_1     |     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
web_1     |     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
web_1     |     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
web_1     |     at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:61)
web_1     |     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
web_1     |     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
web_1     |     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
web_1     |     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
web_1     |     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:498)
web_1     |     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
web_1     |     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
web_1     |     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:1025)
web_1     |     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
web_1     |     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
web_1     |     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1139)
web_1     |     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
web_1     |     at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
web_1     |     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
web_1     |     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
web_1     |     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
web_1     |     at java.lang.Thread.run(Thread.java:748)

HuiJun commented 5 years ago

This is caused by an invalid or expired SSL cert on the Tomcat server. It may be that the provided self-signed cert in the Alfresco installation package has expired. There are a couple of options you can take here. You could inject a valid cert, most likely self-signed, which would be the preferred way, but also the most work. You could also set the options in alfresco-global.properties to use http instead of https. A third option is to add a reverse proxy in front and put an SSL cert in there, but that would be only nominally less work than doing the whole keystore/truststore thing for Tomcat.
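
One way to confirm the expired-or-invalid-certificate diagnosis above before choosing a fix, as an added example that is not part of the original thread or the project's provision script. The function names are hypothetical and the `openssl` CLI is assumed to be installed; the sample certificate is constructed.

```shell
#!/bin/sh
# Added example: classify a PEM certificate the way a strict TLS client would.
# Usage: cert_status <cert.pem> <expected-hostname> [min-days-left]
# Prints one of: ok | expired | hostname-mismatch | expiring-soon | unreadable
cert_status() (
    pem=$1; host=$2; min_days=${3:-30}

    # Reject anything openssl cannot parse as an X.509 certificate.
    openssl x509 -in "$pem" -noout >/dev/null 2>&1 || { echo "unreadable"; return 2; }

    # -checkend 0 exits non-zero when notAfter is already in the past.
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo "expired"; return 1
    fi

    # -checkhost prints "does match" or "does NOT match"; parse the text
    # rather than relying on the exit status.
    if ! openssl x509 -in "$pem" -noout -checkhost "$host" 2>/dev/null \
            | grep -q 'does match'; then
        echo "hostname-mismatch"; return 1
    fi

    # Warn early: a cert that lapses within min_days will break callers again.
    if ! openssl x509 -in "$pem" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "expiring-soon"; return 1
    fi
    echo "ok"
)

# Save the leaf certificate a live listener presents, e.g.
#   fetch_cert localhost 8443 leaf.pem && cert_status leaf.pem localhost
fetch_cert() {   # fetch_cert <host> <port> <out.pem>
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM > "$3"
}

# Constructed sample: a throwaway self-signed cert for CN=localhost.
make_sample_cert() {   # make_sample_cert <out.pem> <days-valid>
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=localhost" \
        -keyout /dev/null -out "$1" 2>/dev/null
}
```

A result of `ok` only covers dates and hostname; a self-signed certificate must still be present in the calling JVM's truststore for the handshake to succeed.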

sanbales commented 5 years ago

Thank you, Jason!

I tried changing the https to http in the /usr/local/tomcat/shared/classes/alfresco-global.properties. It still breaks with the following error when trying to commit a new Org from Cameo:

web_1     | org.apache.commons.httpclient.ProtocolException: The server localhost failed to respond with a valid HTTP response
web_1     |     at org.apache.commons.httpclient.HttpMethodBase.readStatusLine(HttpMethodBase.java:1987)
web_1     |     at org.apache.commons.httpclient.HttpMethodBase.readResponse(HttpMethodBase.java:1735)
web_1     |     at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1098)
web_1     |     at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
web_1     |     at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
web_1     |     at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
web_1     |     at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
web_1     |     at gov.nasa.jpl.view_repo.webscripts.util.ShareUtils.makeSharePostCall(ShareUtils.java:158)
web_1     |     at gov.nasa.jpl.view_repo.webscripts.util.ShareUtils.constructSiteDashboard(ShareUtils.java:110)
web_1     |     at gov.nasa.jpl.view_repo.webscripts.OrgPost.executeImplImpl(OrgPost.java:118)
web_1     |     at gov.nasa.jpl.view_repo.webscripts.OrgPost.executeImpl(OrgPost.java:78)
web_1     |     at gov.nasa.jpl.view_repo.webscripts.DeclarativeJavaWebScript.execute(DeclarativeJavaWebScript.java:98)
web_1     |     at org.alfresco.repo.web.scripts.RepositoryContainer$3.execute(RepositoryContainer.java:512)
web_1     |     at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:457)
web_1     |     at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecute(RepositoryContainer.java:580)
web_1     |     at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecuteAs(RepositoryContainer.java:649)
web_1     |     at org.alfresco.repo.web.scripts.RepositoryContainer.executeScriptInternal(RepositoryContainer.java:421)
web_1     |     at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:301)
web_1     |     at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:382)
web_1     |     at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:210)
web_1     |     at org.springframework.extensions.webscripts.servlet.WebScriptServlet.service(WebScriptServlet.java:132)
web_1     |     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
web_1     |     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
web_1     |     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
web_1     |     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
web_1     |     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
web_1     |     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
web_1     |     at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:61)
web_1     |     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
web_1     |     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
web_1     |     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
web_1     |     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
web_1     |     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:498)
web_1     |     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
web_1     |     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
web_1     |     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:1025)
web_1     |     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
web_1     |     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
web_1     |     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1139)
web_1     |     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
web_1     |     at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
web_1     |     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
web_1     |     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
web_1     |     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
web_1     |     at java.lang.Thread.run(Thread.java:748)

It also seems to break something with the tracking of SOLR workers.

web_1     |  2019-02-11 03:02:45,037  ERROR [solr.tracker.AbstractTracker] [SolrTrackerScheduler_Worker-29] Tracking failed
web_1     |  org.alfresco.error.AlfrescoRuntimeException: 01110234 Initial acl transaction not found with correct timestamp
web_1     |     at org.alfresco.solr.tracker.AclTracker.checkRepoAndIndexConsistency(AclTracker.java:361)
web_1     |     at org.alfresco.solr.tracker.AclTracker.trackRepository(AclTracker.java:313)
web_1     |     at org.alfresco.solr.tracker.AclTracker.doTrack(AclTracker.java:104)
web_1     |     at org.alfresco.solr.tracker.AbstractTracker.track(AbstractTracker.java:185)
web_1     |     at org.alfresco.solr.tracker.TrackerJob.execute(TrackerJob.java:47)
web_1     |     at org.quartz.core.JobRunShell.run(JobRunShell.java:216)
web_1     |     at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:563)
web_1     | 2019-02-11 03:02:45,047  ERROR [solr.tracker.AbstractTracker] [SolrTrackerScheduler_Worker-9] Tracking failed
web_1     |  org.alfresco.error.AlfrescoRuntimeException: 01110235 Initial transaction not found with correct timestamp
web_1     |     at org.alfresco.solr.tracker.MetadataTracker.checkRepoAndIndexConsistency(MetadataTracker.java:214)
web_1     |     at org.alfresco.solr.tracker.MetadataTracker.trackRepository(MetadataTracker.java:132)
web_1     |     at org.alfresco.solr.tracker.MetadataTracker.doTrack(MetadataTracker.java:103)
web_1     |     at org.alfresco.solr.tracker.AbstractTracker.track(AbstractTracker.java:185)
web_1     |     at org.alfresco.solr.tracker.TrackerJob.execute(TrackerJob.java:47)
web_1     |     at org.quartz.core.JobRunShell.run(JobRunShell.java:216)
web_1     |     at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:563)
web_1     | 2019-02-11 03:02:45,050  ERROR [solr.tracker.AbstractTracker] [SolrTrackerScheduler_Worker-28] Tracking failed
web_1     |  org.alfresco.error.AlfrescoRuntimeException: 01110232 Initial transaction not found with correct timestamp
web_1     |     at org.alfresco.solr.tracker.MetadataTracker.checkRepoAndIndexConsistency(MetadataTracker.java:214)
web_1     |     at org.alfresco.solr.tracker.MetadataTracker.trackRepository(MetadataTracker.java:132)
web_1     |     at org.alfresco.solr.tracker.MetadataTracker.doTrack(MetadataTracker.java:103)
web_1     |     at org.alfresco.solr.tracker.AbstractTracker.track(AbstractTracker.java:185)
web_1     |     at org.alfresco.solr.tracker.TrackerJob.execute(TrackerJob.java:47)
web_1     |     at org.quartz.core.JobRunShell.run(JobRunShell.java:216)
web_1     |     at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:563)
web_1     | 2019-02-11 03:02:45,068  ERROR [solr.tracker.AbstractTracker] [SolrTrackerScheduler_Worker-13] Tracking failed
web_1     |  org.alfresco.error.AlfrescoRuntimeException: 01110233 Initial acl transaction not found with correct timestamp
web_1     |     at org.alfresco.solr.tracker.AclTracker.checkRepoAndIndexConsistency(AclTracker.java:361)
web_1     |     at org.alfresco.solr.tracker.AclTracker.trackRepository(AclTracker.java:313)
web_1     |     at org.alfresco.solr.tracker.AclTracker.doTrack(AclTracker.java:104)
web_1     |     at org.alfresco.solr.tracker.AbstractTracker.track(AbstractTracker.java:185)
web_1     |     at org.alfresco.solr.tracker.TrackerJob.execute(TrackerJob.java:47)
web_1     |     at org.quartz.core.JobRunShell.run(JobRunShell.java:216)
web_1     |     at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:563)

I'm going to try to update the certs with the instructions here: https://community.alfresco.com/docs/DOC-6064-alfresco-and-solr#jive_content_id_Generating_new_SSL_certificates

Will let you know how that goes once I figure out the paths and all that.

sanbales commented 5 years ago

Missed changing the ports in the alfresco-global.properties from 8443 to 8080. Will need to update the provision script to sed those and the https changes.