[jira] [Commented] (SOLR-5757) Need ref-guide coverage of using Solr(Cloud) with SSL

Thu, 17 Apr 2014 18:30:07 -0700 

    [ 
https://issues.apache.org/jira/browse/SOLR-5757?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13973678#comment-13973678
 ] 

Steve Davids commented on SOLR-5757:
------------------------------------

Just to get some initial notes on the record:

* See the example jetty.xml file to see how to configure Jetty w/ SSL in the 
SslSelectChannelConnector
** Set needClientAuth to true to enable two-way SSL, can be configured in the 
example via -Djetty.ssl.clientAuth=true
* Set the URL Scheme in ZooKeeper to let the cluster know that it needs to use 
https when building the various replica URLs
** ZK Command: {code}./zkcli.sh -zkhost localhost:9983 -cmd put 
/clusterprops.json
{\"urlScheme\":\"https\"}{code}
** Note: possible improvement is to provide some bootstrapping mechanism?
* Set the javax.net.ssl.* system properties to configure SSL for HttpClient, 
this will also allow two-way SSL to work...
** javax.net.ssl.keyStore, javax.net.ssl.keyStorePassword, 
javax.net.ssl.trustStore, javax.net.ssl.trustStorePassword
* Clients can use a generic certificate and use the ALLOW_ALL_HOSTNAME_VERIFIER 
(SOLR-5868) by setting the solr.ssl.checkPeerName system property 
(-Dsolr.ssl.checkPeerName=true). This makes it so clients don't need to specify 
*every* machine in the cluster in the alt subject names within the certificate 
(as it may change and be a pain to manage).

> Need ref-guide coverage of using Solr(Cloud) with SSL
> -----------------------------------------------------
>
>                 Key: SOLR-5757
>                 URL: https://issues.apache.org/jira/browse/SOLR-5757
>             Project: Solr
>          Issue Type: Task
>          Components: documentation
>            Reporter: Hoss Man
>            Assignee: Mark Miller
>             Fix For: 4.9, 5.0
>
>
> need doc updates explaining:
> * basics of running SolrCloud with SSL
> * how to setup/config client auth certs for bi-directional auth



--
This message was sent by Atlassian JIRA
(v6.2#6252)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to