Hi Chris,

File permissions on /etc/solr-* ?
- The permissions are set to full control for all users.

Effective user-id of the process trying to connect to Solr?
- I am connecting from the Solr Admin UI. I have set up Basic
Authentication, and Basic Authentication is working on its own
without SSL.

If you use relative paths, do you have any idea what the paths are relative
TO?
- Yes. I have also tried setting the full path, and I still get the same
issue.

Regards,
Edwin

On 12 June 2018 at 02:01, Christopher Schultz <ch...@christopherschultz.net>
wrote:

> Edwin,
>
> On 6/10/18 10:22 PM, Zheng Lin Edwin Yeo wrote:
> > I have found that we can't set it this way either, as we will get the
> > below error on "no valid keystore".
> >
> > set SOLR_SSL_KEY_STORE=/etc/solr-ssl.keystore.jks
> > set SOLR_SSL_TRUST_STORE=/etc/solr-ssl.keystore.jks
> >
> > Error:
> > java.lang.reflect.InvocationTargetException
> >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >         at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
> >         at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
> >         at java.lang.reflect.Method.invoke(Unknown Source)
> >         at org.eclipse.jetty.start.Main.invokeMain(Main.java:221)
> >         at org.eclipse.jetty.start.Main.start(Main.java:504)
> >         at org.eclipse.jetty.start.Main.main(Main.java:78)
> > Caused by: java.lang.IllegalStateException: no valid keystore
> >
> >
> > Are there any other ways that we can set or generate the keystore?
>
> File permissions on /etc/solr-*?
>
> Effective user-id of the process trying to connect to Solr?
>
> If you use relative paths, do you have any idea what the paths are
> relative TO?
>
> -chris
>
> > On 9 June 2018 at 21:30, Zheng Lin Edwin Yeo <edwinye...@gmail.com> wrote:
> >
> >> Hi Chris,
> >>
> >> I have deployed these files on the {SolrHome}\server\etc folder.
> >>
> >> Currently this is the setting of the path in edm.in.cmd.
> >>
> >> set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks
> >> set SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jks
> >>
> >> By absolute paths actually starting with a slash, do you mean
> >> we have to set it like this?
> >>
> >> set SOLR_SSL_KEY_STORE=/etc/solr-ssl.keystore.jks
> >> set SOLR_SSL_TRUST_STORE=/etc/solr-ssl.keystore.jks
> >>
> >> Regards,
> >> Edwin
> >>
> >>
> >> On 9 June 2018 at 00:15, Christopher Schultz <ch...@christopherschultz.net> wrote:
> >>
> >>> Edwin,
> >>>
> >>> On 6/8/18 12:02 PM, Zheng Lin Edwin Yeo wrote:
> >>>> I followed the steps from
> >>>> https://lucene.apache.org/solr/guide/7_3/enabling-ssl.html.
> >>>>
> >>>> 1)
> >>>>
> >>>> keytool -genkeypair -alias solr-ssl -keyalg RSA -keysize 2048 -keypass
> >>>> secret -storepass secret -validity 9999 -keystore
> >>>> solr-ssl.keystore.jks -ext
> >>>> SAN=DNS:localhost,IP:192.168.1.3,IP:127.0.0.1 -dname "CN=localhost,
> >>>> OU=Organizational Unit, O=Organization, L=Location, ST=State,
> >>>> C=Country"
> >>>>
> >>>>
> >>>> 2)
> >>>>
> >>>> keytool -importkeystore -srckeystore solr-ssl.keystore.jks
> >>>> -destkeystore solr-ssl.keystore.p12 -srcstoretype jks -deststoretype
> >>>> pkcs12
> >>>>
> >>>>
> >>>> 3)
> >>>>
> >>>> openssl pkcs12 -in solr-ssl.keystore.p12 -out solr-ssl.pem
> >>>>
> >>>>
> >>>>
> >>>> I have also set these in solr.in.cmd:
> >>>>
> >>>> SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks
> >>>> SOLR_SSL_KEY_STORE_PASSWORD=secret
> >>>> SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jks
> >>>> SOLR_SSL_TRUST_STORE_PASSWORD=secret
> >>>> # Require clients to authenticate
> >>>> SOLR_SSL_NEED_CLIENT_AUTH=false
> >>>> # Enable clients to authenticate (but not require)
> >>>> SOLR_SSL_WANT_CLIENT_AUTH=false
> >>>> # Define Key Store type if necessary
> >>>> SOLR_SSL_KEY_STORE_TYPE=JKS
> >>>> SOLR_SSL_TRUST_STORE_TYPE=JKS
> >>>
> >>> You didn't describe how you have deployed each of these files on each
> >>> of your servers.
> >>>
> >>> You might want to make sure that all your (attempted) absolute paths
> >>> actually start with a slash, though.
> >>>
> >>> -chris
> >>>
> >>>
> >>
> >
>
>
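
Added example (not part of the original thread and not Solr project code): a small Python check of how the two forms of the keystore setting quoted above resolve on Windows, where a leading slash without a drive letter points at the root of the current drive. The install path C:\solr, the assumption that Jetty's working directory is the server folder, and all helper names are hypothetical.

```python
from pathlib import PureWindowsPath

# Constructed sample: the two path styles quoted in the thread, in solr.in.cmd form.
SAMPLE_CMD = """\
REM constructed sample
set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks
set SOLR_SSL_TRUST_STORE=/etc/solr-ssl.keystore.jks
"""

# Assumptions: install location, and that Jetty runs with <install>\server as cwd.
ASSUMED_CWD = PureWindowsPath(r"C:\solr\server")
# Constructed inventory of where the keystore was actually deployed.
DEPLOYED = {PureWindowsPath(r"C:\solr\server\etc\solr-ssl.keystore.jks")}
STORE_KEYS = ("SOLR_SSL_KEY_STORE", "SOLR_SSL_TRUST_STORE")


def parse_settings(text):
    """Return {name: value} for `set NAME=value` lines; other lines are ignored."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line.lower().startswith("set ") or "=" not in line:
            continue
        name, value = line[4:].split("=", 1)
        settings[name.strip()] = value.strip().strip('"')
    return settings


def classify(value):
    """Label a configured path by how Windows will interpret it."""
    p = PureWindowsPath(value)
    if p.drive and p.root:
        return "absolute"
    if p.root:
        return "drive-relative"  # leading slash, no drive letter
    return "relative"


def resolve(value, cwd=ASSUMED_CWD):
    # A rooted, drive-less value keeps cwd's drive but discards cwd's folders.
    return cwd / PureWindowsPath(value)


def audit(text, cwd=ASSUMED_CWD, deployed=DEPLOYED):
    """Map each store setting to (kind, resolved path, found in inventory)."""
    report = {}
    for key, value in parse_settings(text).items():
        if key in STORE_KEYS:
            path = resolve(value, cwd)
            report[key] = (classify(value), str(path), path in deployed)
    return report


if __name__ == "__main__":
    for key, row in audit(SAMPLE_CMD).items():
        print(key, *row)
```
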
