[ 
https://issues.apache.org/jira/browse/SOLR-10307?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16054833#comment-16054833
 ] 

Mano Kovacs commented on SOLR-10307:
------------------------------------

Hi [~michaelsuzuki], thanks for the followup. I am trying to reproduce the 
issue but I might be missing something.

bq. The only way to get this to work is by setting the environment as follows:
What way would you prefer to use instead? Could you send an example?

Here is how I run:
{noformat}
# Start from clean stores; -f keeps the first run from failing on missing files
export KEYSTORE=$PWD/keystore.jks
export TRUSTSTORE=$PWD/truststore.jks
rm -f "$KEYSTORE"
rm -f "$TRUSTSTORE"

# Self-signed RSA key pair for the server keystore
keytool -genkey -noprompt \
 -alias alias1 \
 -dname "CN=mydomain.com, OU=ID, O=ABC, L=John, S=Doe, C=GB" \
 -ext "SAN=dns:localhost" \
 -keystore "$KEYSTORE" \
 -storepass abc123 \
 -keypass abc123 \
 -keyalg RSA

# Truststore: a second, independently generated key pair with its own password
keytool -genkey -noprompt \
 -alias alias1 \
 -dname "CN=mydomain.com, OU=ID, O=ABC, L=John, S=Doe, C=GB" \
 -ext "SAN=dns:localhost" \
 -keystore "$TRUSTSTORE" \
 -storepass abc456 \
 -keypass abc456 \
 -keyalg RSA

# SSL settings are passed to Solr through the environment only
export SOLR_SSL_ENABLED=true
export SOLR_SSL_KEY_STORE=$KEYSTORE
export SOLR_SSL_KEY_STORE_PASSWORD=abc123
export SOLR_SSL_TRUST_STORE=$TRUSTSTORE
export SOLR_SSL_TRUST_STORE_PASSWORD=abc456

bin/solr start -c -s ./example/cloud/node1/solr -f
{noformat}

Before that, I downloaded the {{master}} branch, ran {{ant server}} and the cloud 
example. It is working for me. Note that I did not uncomment anything in 
{{solr.in.sh}}.


Also, SOLR-10783 will restore the sysprop option, as the configuration handling is 
moved out of {{jetty-ssl.xml}}.



> Provide SSL/TLS keystore password a more secure way
> ---------------------------------------------------
>
>                 Key: SOLR-10307
>                 URL: https://issues.apache.org/jira/browse/SOLR-10307
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: security
>            Reporter: Mano Kovacs
>            Assignee: Mark Miller
>             Fix For: master (7.0), 6.7
>
>         Attachments: SOLR-10307.patch, SOLR-10307.patch, SOLR-10307.patch
>
>
> Currently the only way to pass server and client side SSL keystore and 
> truststore passwords is to set specific environment variables that will be 
> passed as system properties, through command line parameter.
> First option is to pass passwords through environment variables which gives a 
> better level of protection. Second option would be to use hadoop credential 
> provider interface to access credential store.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
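
The exposure the issue description refers to, shown as an added example that is not part of the original message or of Solr's code: a password passed as a {{-D}} system property stays in the JVM's argument list, which {{/proc/<pid>/cmdline}} exposes to other local users unless {{/proc}} is mounted with restrictions. The function names and the sample argv are constructed here, and the {{javax.net.ssl.*}} names are the standard JSSE properties rather than anything taken from this thread.

```sh
#!/bin/sh
# Added example: audit process argument lists for passwords passed as
# -D system properties. Works on NUL-separated argv files, which is the
# format of /proc/<pid>/cmdline on Linux.

# Print the name of every -D...password=<value> argument in the argv file
# given as $1. The value is replaced so the secret is never echoed.
find_password_args() {
  tr '\000' '\n' < "$1" |
    sed -n 's/^\(-D[^=]*[Pp]assword\)=..*$/\1=<redacted>/p'
}

# Walk every readable /proc/<pid>/cmdline and report offending processes.
scan_proc() {
  for f in /proc/[0-9]*/cmdline; do
    [ -r "$f" ] || continue
    hits=$(find_password_args "$f" 2>/dev/null)
    [ -n "$hits" ] || continue
    pid=${f#/proc/}
    printf 'pid %s\n%s\n' "${pid%/cmdline}" "$hits"
  done
}

# Constructed sample argv (not captured from a real host): a JVM started
# with the store passwords from the repro above passed as system properties.
write_sample() {
  printf '%s\000' java \
    -Djavax.net.ssl.keyStore=/tmp/keystore.jks \
    -Djavax.net.ssl.keyStorePassword=abc123 \
    -Djavax.net.ssl.trustStorePassword=abc456 \
    -jar start.jar > "$1"
}

# Run with --scan to audit the live host; without it, only define functions.
if [ "${1:-}" = "--scan" ]; then
  scan_proc
fi
```

An empty result from {{scan_proc}} on a running Solr node indicates the passwords are no longer reaching the JVM as command line arguments.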
