Re: Collections unable to load after setting up SSL

Zheng Lin Edwin Yeo Sun, 10 Jun 2018 19:22:47 -0700

I have found that we can't set it this way either, as we will get the below
error on "no valid keystore".


set SOLR_SSL_KEY_STORE=/etc/solr-ssl.keystore.jks
set SOLR_SSL_TRUST_STORE=/etc/solr-ssl.keystore.jks

Error:
java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at org.eclipse.jetty.start.Main.invokeMain(Main.java:221)
        at org.eclipse.jetty.start.Main.start(Main.java:504)
        at org.eclipse.jetty.start.Main.main(Main.java:78)
Caused by: java.lang.IllegalStateException: no valid keystore


Any other ways can that we set or to generate the keystore?

Regards,
Edwin


On 9 June 2018 at 21:30, Zheng Lin Edwin Yeo <edwinye...@gmail.com> wrote:

> Hi Chris,
>
> I have deployed these files on the {SolrHome}\server\etc folder.
>
> Currently this is the setting of the path in edm.in.cmd.
>
> set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks
> set SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jks
>
> For your meaning of absolute paths actually start with a slash, meaning
> we have to set it like this?
>
> set SOLR_SSL_KEY_STORE=/etc/solr-ssl.keystore.jks
> set SOLR_SSL_TRUST_STORE=/etc/solr-ssl.keystore.jks
>
> Regards,
> Edwin
>
>
> On 9 June 2018 at 00:15, Christopher Schultz <ch...@christopherschultz.net
> > wrote:
>
>> Edwin,
>>
>> On 6/8/18 12:02 PM, Zheng Lin Edwin Yeo wrote:
>> > I followed the steps from
>> > https://lucene.apache.org/solr/guide/7_3/enabling-ssl.html.
>> >
>> > 1)
>> >
>> > keytool -genkeypair -alias solr-ssl -keyalg RSA -keysize 2048 -keypass
>> > secret -storepass secret -validity 9999 -keystore
>> > solr-ssl.keystore.jks -ext
>> > SAN=DNS:localhost,IP:192.168.1.3,IP:127.0.0.1 -dname "CN=localhost,
>> > OU=Organizational Unit, O=Organization, L=Location, ST=State,
>> > C=Country"
>> >
>> >
>> > 2)
>> >
>> > keytool -importkeystore -srckeystore solr-ssl.keystore.jks
>> > -destkeystore solr-ssl.keystore.p12 -srcstoretype jks -deststoretype
>> > pkcs12
>> >
>> >
>> > 3)
>> >
>> > openssl pkcs12 -in solr-ssl.keystore.p12 -out solr-ssl.pem
>> >
>> >
>> >
>> > I have also set these in solr.in.cmd:
>> >
>> > SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jksSOLR_SSL_KEY_STO
>> RE_PASSWORD=secretSOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore
>> .jksSOLR_SSL_TRUST_STORE_PASSWORD=secret#
>> > Require clients to authenticateSOLR_SSL_NEED_CLIENT_AUTH=false# Enable
>> > clients to authenticate (but not
>> > require)SOLR_SSL_WANT_CLIENT_AUTH=false# Define Key Store type if
>> > necessarySOLR_SSL_KEY_STORE_TYPE=JKSSOLR_SSL_TRUST_STORE_TYPE=JKS
>>
>> You didn't describe how you have deployed each of these files on each of
>> your servers.
>>
>> You might want to make sure that all your (attempted) absolute paths
>> actually start with a slash, though.
>>
>> -chris
>>
>>
>

Re: Collections unable to load after setting up SSL

Reply via email to