lucene-solr-user mailing list archives

From Zheng Lin Edwin Yeo <edwinye...@gmail.com>
Subject Re: Collections unable to load after setting up SSL
Date Sat, 09 Jun 2018 13:30:54 GMT
Hi Chris,

I have deployed these files on the {SolrHome}\server\etc folder.

Currently this is the setting of the path in edm.in.cmd.

set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks
set SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jks

By absolute paths actually starting with a slash, do you mean we
have to set it like this?

set SOLR_SSL_KEY_STORE=/etc/solr-ssl.keystore.jks
set SOLR_SSL_TRUST_STORE=/etc/solr-ssl.keystore.jks

Regards,
Edwin


On 9 June 2018 at 00:15, Christopher Schultz <chris@christopherschultz.net>
wrote:

> Edwin,
>
> On 6/8/18 12:02 PM, Zheng Lin Edwin Yeo wrote:
> > I followed the steps from
> > https://lucene.apache.org/solr/guide/7_3/enabling-ssl.html.
> >
> > 1)
> >
> > keytool -genkeypair -alias solr-ssl -keyalg RSA -keysize 2048 -keypass
> > secret -storepass secret -validity 9999 -keystore
> > solr-ssl.keystore.jks -ext
> > SAN=DNS:localhost,IP:192.168.1.3,IP:127.0.0.1 -dname "CN=localhost,
> > OU=Organizational Unit, O=Organization, L=Location, ST=State,
> > C=Country"
> >
> >
> > 2)
> >
> > keytool -importkeystore -srckeystore solr-ssl.keystore.jks
> > -destkeystore solr-ssl.keystore.p12 -srcstoretype jks -deststoretype
> > pkcs12
> >
> >
> > 3)
> >
> > openssl pkcs12 -in solr-ssl.keystore.p12 -out solr-ssl.pem
> >
> >
> >
> > I have also set these in solr.in.cmd:
> >
> > SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks
> > SOLR_SSL_KEY_STORE_PASSWORD=secret
> > SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jks
> > SOLR_SSL_TRUST_STORE_PASSWORD=secret
> > # Require clients to authenticate
> > SOLR_SSL_NEED_CLIENT_AUTH=false
> > # Enable clients to authenticate (but not require)
> > SOLR_SSL_WANT_CLIENT_AUTH=false
> > # Define Key Store type if necessary
> > SOLR_SSL_KEY_STORE_TYPE=JKS
> > SOLR_SSL_TRUST_STORE_TYPE=JKS
>
> You didn't describe how you have deployed each of these files on each of
> your servers.
>
> You might want to make sure that all your (attempted) absolute paths
> actually start with a slash, though.
>
> -chris
>
>
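
An added example, not part of either message above and not Solr code: it reads `set` lines in the style of solr.in.cmd, classifies each keystore/truststore value by Windows path rules, and shows which file the value denotes from a given working directory. Assumptions: values without a drive letter are resolved against the process working directory, and `C:\solr\server` is a hypothetical install location.

```python
from pathlib import PureWindowsPath

STORE_KEYS = ("SOLR_SSL_KEY_STORE", "SOLR_SSL_TRUST_STORE")

# Constructed sample: the two path forms asked about in the thread.
SAMPLE = """
REM SSL settings
set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks
set SOLR_SSL_TRUST_STORE=/etc/solr-ssl.keystore.jks
set SOLR_SSL_KEY_STORE_TYPE=JKS
"""

def parse_store_paths(text):
    """Return {name: value} for the keystore/truststore path settings."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.lower().startswith("set "):
            continue  # skips blank lines, REM comments and other commands
        name, sep, value = line[4:].partition("=")
        name = name.strip().upper()
        if sep and name in STORE_KEYS:
            found[name] = value.strip().strip('"')
    return found

def classify(value):
    """Classify a value by Windows path rules (drive letter and root)."""
    p = PureWindowsPath(value)
    if p.drive and p.root:
        return "absolute"          # e.g. C:\solr\server\etc\x.jks
    if p.root:
        return "rooted-no-drive"   # leading slash only: root of current drive
    return "relative"              # depends on the working directory

def effective_path(value, working_dir):
    """File the value denotes for a process running in working_dir."""
    return str(PureWindowsPath(working_dir) / value)

def report(text, working_dir):
    return {name: (classify(v), effective_path(v, working_dir))
            for name, v in parse_store_paths(text).items()}

if __name__ == "__main__":
    # C:\solr\server is an assumed location, not taken from the thread.
    for name, (kind, path) in report(SAMPLE, r"C:\solr\server").items():
        print(f"{name}: {kind} -> {path}")
```
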
