Steve: It would be a great service if you were willing to document this on the Wiki. If you don't already have contributor rights, just create a logon on the Wiki, send us your logon ID and we'll add you to the approved editors list.
A bit of background: We used to let anyone edit the Wiki, but then started getting hit with a billion spam pages so had to lock it down. As long as we're convinced it's a real person asking for edit rights, they're freely granted!

Best,
Erick

On Wed, Mar 12, 2014 at 8:15 PM, Steve Davids <[email protected]> wrote:
> I will be upgrading my SolrCloud cluster at work in a couple of days (hand patched former builds) will let everyone know if there are any other gotchas. I know depending on different cases the need to bundle your own HttpClientConfigurer to use the AllowAllHostnameVerifier (if using a single cert for all instances) or to add the TrustedSelfSignedStrategy if using two-way SSL w/ self-signed certs.
>
> -Steve
>
> On Mar 12, 2014, at 8:05 PM, Erick Erickson <[email protected]> wrote:
>
> Steve:
>
> Thanks, I confess confusion about all things HTTPS. I'll turn this over to the people who _do_ know about it in the morning, this is a great help in that it tells us where to look.
>
> I smell a Wiki page coming....
>
> Erick
>
> On Wed, Mar 12, 2014 at 7:47 PM, Steve Davids <[email protected]> wrote:
>
> Hi Erick,
>
> Unfortunately the only "working example" is in the unit-tests. What have you done thus far? First step would be to add the "urlScheme" into clusterprops.json:
>
> ./zkcli.sh -zkhost localhost:9983 -cmd put /clusterprops.json '{"urlScheme":"https"}'
>
> You will also need to add the basic javax.net.ssl.* system properties (http://stackoverflow.com/a/5871352)
>
> It is important to note that if there is a pre-existing clusterstate.json file you will need to update the current base_url values to move 'http' -> 'https' scheme + update the port value. This is all necessary because when a node is rebooted it compares the base_url to figure out where it left off in the cluster. SOLR-5770 was created so we don't need to worry about performing this manual http->https mapping since it will use the node_name to perform the comparison (though the port value would still be a problem).
>
> Let me know if that helps,
>
> -Steve
>
> On Mar 12, 2014, at 4:23 PM, Erick Erickson <[email protected]> wrote:
>
> We simply cannot get Solr running over HTTPS. We're running Solr 4.7, SOLR-3854 should be included.
>
> To complicate matters this is on WebSphere, but fortunately the people here are handling that part (not a chance in the world to use Jetty).
>
> "IOException can't connect with an http (not https) address"
>
> Do we have any examples lying around that handle this case that we can use as a template? I'm out of my league with this, https is a mystery.
>
> Thanks!
> Erick
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
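The manual base_url update described in the quoted 7:47 PM message can be scripted. The following is an added example, not code from this thread or from Solr; it assumes the clusterstate.json content is already available as local text, and the hostnames, the trimmed sample document and the 8983 -> 8443 port mapping are constructed for illustration.

```python
import json
from urllib.parse import urlsplit, urlunsplit

# Constructed sample, trimmed to the fields that matter here (not from the thread).
SAMPLE = """{
  "collection1": {"shards": {"shard1": {"replicas": {
    "core_node1": {"state": "active", "core": "collection1",
                   "base_url": "http://solr1.example.com:8983/solr"},
    "core_node2": {"state": "active", "core": "collection1",
                   "base_url": "https://solr2.example.com:8443/solr"}}}}}
}"""

def to_https(url, port_map):
    """Return url with the https scheme and mapped port; https URLs pass through."""
    parts = urlsplit(url)
    if parts.scheme == "https":
        return url
    if parts.scheme != "http":
        raise ValueError("unexpected scheme in base_url: %r" % url)
    if parts.port not in port_map:
        # Refuse to guess: a missing or unmapped port needs an operator decision.
        raise ValueError("no https port mapped for %r" % url)
    netloc = "%s:%d" % (parts.hostname, port_map[parts.port])
    return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))

def rewrite_base_urls(node, port_map, changed):
    """Walk the parsed JSON and rewrite every "base_url" value in place."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "base_url" and isinstance(value, str):
                new = to_https(value, port_map)
                if new != value:
                    changed.append((value, new))
                    node[key] = new
            else:
                rewrite_base_urls(value, port_map, changed)
    elif isinstance(node, list):
        for item in node:
            rewrite_base_urls(item, port_map, changed)
    return changed

def migrate(text, port_map):
    """Return (rewritten JSON text, list of (old, new) base_url pairs)."""
    state = json.loads(text)
    changed = rewrite_base_urls(state, port_map, [])
    return json.dumps(state, indent=2, sort_keys=True), changed

if __name__ == "__main__":
    new_text, changed = migrate(SAMPLE, {8983: 8443})
    for old, new in changed:
        print(old, "->", new)
```

Review the printed old/new pairs before writing the result back to ZooKeeper; an unmapped port raises an error so that no entry is rewritten by guesswork.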
