Hi Gora, I looked at the logs, but there is nothing about ssl, or bad file (I assume you mean that maybe it cannot find the key file) just 2024-05-07 22:24:01.400 INFO (main) [ ] o.a.s.u.c.SSLConfigurations Setting javax.net.ssl.keyStorePassword 2024-05-07 22:24:01.400 INFO (main) [ ] o.a.s.u.c.SSLConfigurations Setting javax.net.ssl.trustStorePassword
Thanks, RICK HODDER Staff Software Engineer Global Specialty The Hartford 83 Wooster Heights Rd. | 2nd floor Danbury, CT, 06810 W: 475-329-6251 Email: [email protected] www.thehartford.com www.facebook.com/thehartford twitter.com/thehartford -----Original Message----- From: Gora Mohanty <[email protected]> Sent: Saturday, May 11, 2024 12:38 AM To: [email protected] Cc: [email protected] Subject: Re: SOLR 8.11.1 SSL Enable Failing CAUTION: This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Dear Rick, Have no familiarity with setting up Solr on Windows, but your oaths look like they might be missing a slash at the beginning, e.g., set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.p12 maybe should be set SOLR_SSL_KEY_STORE=/etc/solr-ssl.keystore.p12 Also, please check the Solr startup logs, which should have error messages if the path is incorrect. Regards, Gora On Sat, 11 May 2024 at 00:40, Hodder, Rick (Property and Casualty CIO) <[email protected]> wrote: > I’ve asked this twice on here, and on stack overflow, with no answers. > > > > Is there another site that could give me guidance? > > > > > > Thanks, > > > > *RICK HODDER* > Staff Software Engineer > Global Specialty > > [image: The Hartford] <https://www.thehartford.com/> > > The Hartford > 83 Wooster Heights Rd. | 2nd floor > Danbury, CT, 06810 > W: 475-329-6251 > > Email: [email protected] > > http://www.thehartford.com > https://urldefense.com/v3/__http://www.facebook.com/thehartford__;!!PZ > 0xAML5PpHLxYfxmvfEjrhN5g!Wvga97XR_9P2V5aJG5fMy7ap7w-mxe_LfFVkzSTTsb0xa > nckRl9gdHGzBW7BxvPQ63bY9OCPfEfk3VpG647BVg$ > https://urldefense.com/v3/__http://twitter.com/thehartford__;!!PZ0xAML > 5PpHLxYfxmvfEjrhN5g!Wvga97XR_9P2V5aJG5fMy7ap7w-mxe_LfFVkzSTTsb0xanckRl > 9gdHGzBW7BxvPQ63bY9OCPfEfk3VozKIHyYg$ > > > > > > > > *From:* Hodder, Rick (Property and Casualty CIO) > *Sent:* Tuesday, May 7, 2024 6:40 PM > *To:* '[email protected]' <[email protected]> > *Subject:* SOLR 8.11.1 SSL Enable Failing > > > > I’m trying to enable SSL on SOLR 8.11.1 > > > > My network team purchased a certificate Imported into JDK into a file > cacerts I copied that file to etc/solr-ssl.keystore.p12 > > > > I uncommented the SOLR SSL changed solr.in.cmd and set them as follows: > > > > REM Enables HTTPS. It is implictly true if you set SOLR_SSL_KEY_STORE. > Use this config > > REM to enable https module with custom jetty configuration. > > set SOLR_SSL_ENABLED=true > > REM Uncomment to set SSL-related system properties > > REM Be sure to update the paths to the correct keystore for your > environment > > set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.p12 > > set SOLR_SSL_KEY_STORE_PASSWORD=----------------- > > set SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.p12 > > set SOLR_SSL_TRUST_STORE_PASSWORD=----------------- > > REM Require clients to authenticate > > set SOLR_SSL_NEED_CLIENT_AUTH=false > > REM Enable clients to authenticate (but not require) > > set SOLR_SSL_WANT_CLIENT_AUTH=false > > REM Verify client hostname during SSL handshake > > set SOLR_SSL_CLIENT_HOSTNAME_VERIFICATION=false > > REM SSL Certificates contain host/ip "peer name" information that is > validated by default. Setting > > REM this to false can be useful to disable these checks when re-using > a certificate on many hosts > > set SOLR_SSL_CHECK_PEER_NAME=true > > REM Override Key/Trust Store types if necessary > > REM set SOLR_SSL_KEY_STORE_TYPE=PKCS12 > > REM set SOLR_SSL_TRUST_STORE_TYPE=PKCS12 > > I thin started solr from the command line, and this is what I saw: > > > > E:\ApacheSolr8_11_1>bin\solr.cmd start -p 8983 > > Java HotSpot(TM) 64-Bit Server VM warning: JVM cannot use large page > memory because it does not have enough privilege to lock pages in memory. > > INFO - 2024-05-06 17:05:17.952; > org.apache.solr.util.configuration.SSLConfigurations; Setting > javax.net.ssl.keyStorePassword > > INFO - 2024-05-06 17:05:17.967; > org.apache.solr.util.configuration.SSLConfigurations; Setting > javax.net.ssl.trustStorePassword > > Waiting up to 30 to see Solr running on port 8983 > > INFO - 2024-05-06 17:05:27.966; > org.apache.http.impl.execchain.RetryExec; > I/O exception (java.net.SocketException) caught when processing > request to > {s}->https://urldefense.com/v3/__https://localhost:8983__;!!PZ0xAML5Pp > HLxYfxmvfEjrhN5g!Wvga97XR_9P2V5aJG5fMy7ap7w-mxe_LfFVkzSTTsb0xanckRl9gd > HGzBW7BxvPQ63bY9OCPfEfk3VrnmZVSLA$ : An established connection was > aborted by the software in your host machine > > INFO - 2024-05-06 17:05:27.966; > org.apache.http.impl.execchain.RetryExec; > Retrying request to > {s}->https://urldefense.com/v3/__https://localhost:8983__;!!PZ0xAML5Pp > HLxYfxmvfEjrhN5g!Wvga97XR_9P2V5aJG5fMy7ap7w-mxe_LfFVkzSTTsb0xanckRl9gd > HGzBW7BxvPQ63bY9OCPfEfk3VrnmZVSLA$ > > INFO - 2024-05-06 17:05:30.014; > org.apache.http.impl.execchain.RetryExec; > I/O exception (java.net.SocketException) caught when processing > request to > {s}->https://urldefense.com/v3/__https://localhost:8983__;!!PZ0xAML5Pp > HLxYfxmvfEjrhN5g!Wvga97XR_9P2V5aJG5fMy7ap7w-mxe_LfFVkzSTTsb0xanckRl9gd > HGzBW7BxvPQ63bY9OCPfEfk3VrnmZVSLA$ : An established connection was > aborted by the software in your host machine > > INFO - 2024-05-06 17:05:30.014; > org.apache.http.impl.execchain.RetryExec; > Retrying request to > {s}->https://urldefense.com/v3/__https://localhost:8983__;!!PZ0xAML5Pp > HLxYfxmvfEjrhN5g!Wvga97XR_9P2V5aJG5fMy7ap7w-mxe_LfFVkzSTTsb0xanckRl9gd > HGzBW7BxvPQ63bY9OCPfEfk3VrnmZVSLA$ > > INFO - 2024-05-06 17:05:34.087; > org.apache.http.impl.execchain.RetryExec; > I/O exception (java.net.SocketException) caught when processing > request to > {s}->https://urldefense.com/v3/__https://localhost:8983__;!!PZ0xAML5Pp > HLxYfxmvfEjrhN5g!Wvga97XR_9P2V5aJG5fMy7ap7w-mxe_LfFVkzSTTsb0xanckRl9gd > HGzBW7BxvPQ63bY9OCPfEfk3VrnmZVSLA$ : An established connection was > aborted by the software in your host machine > > INFO - 2024-05-06 17:05:34.087; > org.apache.http.impl.execchain.RetryExec; > Retrying request to > {s}->https://urldefense.com/v3/__https://localhost:8983__;!!PZ0xAML5Pp > HLxYfxmvfEjrhN5g!Wvga97XR_9P2V5aJG5fMy7ap7w-mxe_LfFVkzSTTsb0xanckRl9gd > HGzBW7BxvPQ63bY9OCPfEfk3VrnmZVSLA$ > > INFO - 2024-05-06 17:05:34.103; > org.apache.http.impl.execchain.RetryExec; > I/O exception (java.net.SocketException) caught when processing > request to > {s}->https://urldefense.com/v3/__https://localhost:8983__;!!PZ0xAML5Pp > HLxYfxmvfEjrhN5g!Wvga97XR_9P2V5aJG5fMy7ap7w-mxe_LfFVkzSTTsb0xanckRl9gd > HGzBW7BxvPQ63bY9OCPfEfk3VrnmZVSLA$ : An established connection was > aborted by the software in your host machine > > I've tried different combinations of SOLR_SSL_NEED_CLIENT_AUTH and > SOLR_SSL_WANT_CLIENT_AUTH but the get the same result. > > > > The log doesnt show any error messages about SSL. > > > > Is there something obvious I'm missing? Any suggestions? > > > > > > Thanks, > > > > *RICK HODDER* > Staff Software Engineer > Global Specialty > > [image: The Hartford] <https://www.thehartford.com/> > > The Hartford > 83 Wooster Heights Rd. | 2nd floor > Danbury, CT, 06810 > W: 475-329-6251 > > Email: [email protected] > > http://www.thehartford.com > https://urldefense.com/v3/__http://www.facebook.com/thehartford__;!!PZ > 0xAML5PpHLxYfxmvfEjrhN5g!Wvga97XR_9P2V5aJG5fMy7ap7w-mxe_LfFVkzSTTsb0xa > nckRl9gdHGzBW7BxvPQ63bY9OCPfEfk3VpG647BVg$ > https://urldefense.com/v3/__http://twitter.com/thehartford__;!!PZ0xAML > 5PpHLxYfxmvfEjrhN5g!Wvga97XR_9P2V5aJG5fMy7ap7w-mxe_LfFVkzSTTsb0xanckRl > 9gdHGzBW7BxvPQ63bY9OCPfEfk3VozKIHyYg$ > > > > > > > > ********************************************************************** > ******************************** This communication, including > attachments, is for the exclusive use of addressee and may contain > proprietary, confidential and/or privileged information. If you are > not the intended recipient, any use, copying, disclosure, > dissemination or distribution is strictly prohibited. If you are not > the intended recipient, please notify the sender immediately by return > e-mail, delete this communication and destroy all copies. > > > ********************************************************************** > ******************************** > ****************************************************************************************************** This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential and/or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies. ******************************************************************************************************
