[ 
https://issues.apache.org/jira/browse/SOLR-7315?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14382283#comment-14382283
 ] 

Hoss Man commented on SOLR-7315:
--------------------------------

here's what i tried, using {{secret}} anyplace i was prompted for a 
password/passphrase...

{noformat}
hossman@frisbee:~/lucene/dev/solr/server/etc$ keytool -genkeypair -alias solr-ssl -keyalg RSA -keysize 2048 -keypass secret -storepass secret -validity 9999 -keystore solr-ssl.keystore.jks -ext SAN=DNS:localhost,IP:192.168.1.3,IP:127.0.0.1 -dname "CN=localhost, OU=Organizational Unit, O=Organization, L=Location, ST=State, C=Country"
hossman@frisbee:~/lucene/dev/solr/server/etc$ keytool -importkeystore -srckeystore solr-ssl.keystore.jks -destkeystore solr-ssl.keystore.p12 -srcstoretype jks -deststoretype pkcs12
Enter destination keystore password:  
Re-enter new password: 
Enter source keystore password:  
Entry for alias solr-ssl successfully imported.
Import command completed:  1 entries successfully imported, 0 entries failed or cancelled
hossman@frisbee:~/lucene/dev/solr/server/etc$ openssl pkcs12 -in solr-ssl.keystore.p12 -out solr-ssl.pem
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
hossman@frisbee:~/lucene/dev/solr/server/etc$ openssl pkcs12 -nokeys -in solr-ssl.keystore.p12 -out solr-ssl.cacert.pem
Enter Import Password:
MAC verified OK
hossman@frisbee:~/lucene/dev/solr/server/etc$ svn diff ../../bin/solr.in.sh 
Index: ../../bin/solr.in.sh
===================================================================
--- ../../bin/solr.in.sh        (revision 1669370)
+++ ../../bin/solr.in.sh        (working copy)
@@ -101,3 +101,8 @@
 # Uncomment to set a specific SSL port (-Djetty.ssl.port=N); if not set
 # and you are using SSL, then the start script will use SOLR_PORT for the SSL 
port
 #SOLR_SSL_PORT=
+
+SOLR_SSL_OPTS="-Djavax.net.ssl.keyStore=etc/solr-ssl.keystore.jks \
+  -Djavax.net.ssl.keyStorePassword=secret \
+  -Djavax.net.ssl.trustStore=etc/solr-ssl.keystore.jks \
+  -Djavax.net.ssl.trustStorePassword=secret"
{noformat}
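
Review bot: the two password properties in the added {{SOLR_SSL_OPTS}} block carry literal values ({{-Djavax.net.ssl.keyStorePassword=secret}} and {{-Djavax.net.ssl.trustStorePassword=secret}}), so the passphrase sits in plain text in {{solr.in.sh}} and, as a {{-D}} argument, on the java command line, where any local user can read it from the process list. For anything beyond a local test, restrict read access on {{solr.in.sh}} and the keystore to the account that runs Solr, and supply the passwords through a channel that does not show up in the process arguments. The same block points {{trustStore}} at {{etc/solr-ssl.keystore.jks}}, the file that also holds the private key; a separate truststore containing only the certificate keeps the two roles apart. Both paths are relative ({{etc/...}}), so they resolve only when the JVM's working directory is the directory that contains {{etc}}.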

Then i started solr in another window using {{bin/solr -p 8984}} and now solr 
is running without SSL on port 8984...

{noformat}
hossman@frisbee:~/lucene/dev/solr/server/etc$ curl -E solr-ssl.pem:secret --cacert solr-ssl.pem "https://localhost:8984/solr/admin/collections?action=CLUSTERSTATUS&wt=json&indent=on";
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
hossman@frisbee:~/lucene/dev/solr/server/etc$ curl -E solr-ssl.pem:secret --cacert solr-ssl.pem "http://localhost:8984/solr/admin/collections?action=CLUSTERSTATUS&wt=json&indent=on";
{
  "responseHeader":{
    "status":400,
    "QTime":4},
  "error":{
    "msg":"Solr instance is not running in SolrCloud mode.",
    "code":400}}
{noformat}




> SSL options don't seem to be working on trunk
> ---------------------------------------------
>
>                 Key: SOLR-7315
>                 URL: https://issues.apache.org/jira/browse/SOLR-7315
>             Project: Solr
>          Issue Type: Bug
>    Affects Versions: Trunk
>            Reporter: Hoss Man
>            Assignee: Steve Rowe
>
> while trying to review another patch affecting bin/solr, i attempted to 
> verify that things were working with SSL, and then realized that even with an 
> unmodified trunk, the documented steps for enabling SSL don't seem to work -- 
> *THEY DO WORK ON 5X, JUST NOT TRUNK*
> i'll post full details in a comment



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
