"javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated" when running docker image on localhost

[sjiherzig]

Hi,

I've set up MMS on my local machine, created a local user on Alfresco with appropriate rights (site admin, alfresco admin), and was able to successfully log in to the local MMS instance through MDK. However, after validating a test model, and selecting to create and commit project to server (as per the instructions), I receive a HTTP 500 response upon trying to create a new group for a site during the commit. Upon closer inspection of the logs, I noticed the following exception:

 2019-02-15 01:14:04,438  INFO  [view_repo.webscripts.OrgPost] [http-bio-8080-exec-22] {"orgs":[{"id":"d09fb697-d793-42f8-85fb-5592b6488dcd","name":"Test Org"}],"source":"magicdraw","mdkVersion":"3.4.0"}
 2019-02-15 01:14:04,457  INFO  [webscripts.util.ShareUtils] [http-bio-8080-exec-22] Repo URL: https://localhost:8443/alfresco
 2019-02-15 01:14:04,458  INFO  [webscripts.util.ShareUtils] [http-bio-8080-exec-22] Share URL: https://localhost:8443/share
 2019-02-15 01:14:04,459  INFO  [webscripts.util.ShareUtils] [http-bio-8080-exec-22] Login URL: https://localhost:8443/share/page/dologin
 2019-02-15 01:14:04,459  INFO  [webscripts.util.ShareUtils] [http-bio-8080-exec-22] Create Site URL: https://localhost:8443/share/page/modules/create-site
 2019-02-15 01:14:04,459  INFO  [webscripts.util.ShareUtils] [http-bio-8080-exec-22] Update Group URL: https://localhost:8443/alfresco/service/api/groups
 2019-02-15 01:14:04,479  ERROR [webscripts.util.ShareUtils] [http-bio-8080-exec-22] Failed to Login to Alfresco Share

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
	at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:440)
	at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:244)
	at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:108)
	at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:149)
	at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
	at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
	at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
	at gov.nasa.jpl.view_repo.webscripts.util.ShareUtils.makeSharePostCall(ShareUtils.java:158)
	at gov.nasa.jpl.view_repo.webscripts.util.ShareUtils.constructSiteDashboard(ShareUtils.java:110)
	at gov.nasa.jpl.view_repo.webscripts.OrgPost.executeImplImpl(OrgPost.java:118)
	at gov.nasa.jpl.view_repo.webscripts.OrgPost.executeImpl(OrgPost.java:78)
	at gov.nasa.jpl.view_repo.webscripts.DeclarativeJavaWebScript.execute(DeclarativeJavaWebScript.java:98)
	at org.alfresco.repo.web.scripts.RepositoryContainer$3.execute(RepositoryContainer.java:512)
	at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:457)
	at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecute(RepositoryContainer.java:580)
	at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecuteAs(RepositoryContainer.java:649)
	at org.alfresco.repo.web.scripts.RepositoryContainer.executeScriptInternal(RepositoryContainer.java:421)
	at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:301)
	at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:382)
	at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:210)
	at org.springframework.extensions.webscripts.servlet.WebScriptServlet.service(WebScriptServlet.java:132)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:61)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:498)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:1025)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1139)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)

 2019-02-15 01:14:04,479  ERROR [webscripts.util.ShareUtils] [http-bio-8080-exec-22] Could not login to share site
 2019-02-15 01:14:04,479  INFO  [view_repo.webscripts.AbstractJavaWebScript] [http-bio-8080-exec-22] [INFO]: Failed to create site.

 2019-02-15 01:14:04,480  ERROR [view_repo.webscripts.OrgPost] [http-bio-8080-exec-22] Failed site info: Test Org, , d09fb697-d793-42f8-85fb-5592b6488dcd

I've tried this both with a local project, and with a project on a TWC server. I've also tried this with MDK 3.6.0 and 3.4.0 (the docker image version is 3.4.2). I've also tried it with two separate MagicDraw installs (I have certs configured in one of these for access to a private TWC instance).

My assumption is that SOLR is configured to run using SSL, but there's no appropriate certificate available in the docker container.

I should notice that I'm running all of this on a Mac - Docker on Mac has a few quirks that I already had to work around... hopefully this is not due to one of the limitations of Docker on Mac.

Is there a way to configure SOLR and Alfresco not to use SSL at all (this is a dev machine only)? Or would I have to clone this repo, change the configuration files, and rebuild the docker image? I'm not terribly familiar with docker, so perhaps I've overseen something, too. Any help would be very much appreciated.

Sebastian

[HuiJun]

@sjiherzig Yes there is a way to have alfresco and solr not use SSL. In alfresco-global.properties, there are 4 properties to change: alfreco.port, alfresco.protocol, share.port, and share.protocol. Change the ports to use 8080 instead of 8443 and protocol to http from https.

[HuiJun]

Forgot to also mention that you should also check that solr.port = 8080 and solr.secureComms = none in alfresco-global.properties for alfresco to not use ssl when accessing solr.