I have found that we can't set it this way either, as we will get the below error on "no valid keystore".
set SOLR_SSL_KEY_STORE=/etc/solr-ssl.keystore.jks set SOLR_SSL_TRUST_STORE=/etc/solr-ssl.keystore.jks Error: java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.eclipse.jetty.start.Main.invokeMain(Main.java:221) at org.eclipse.jetty.start.Main.start(Main.java:504) at org.eclipse.jetty.start.Main.main(Main.java:78) Caused by: java.lang.IllegalStateException: no valid keystore Any other ways can that we set or to generate the keystore? Regards, Edwin On 9 June 2018 at 21:30, Zheng Lin Edwin Yeo <edwinye...@gmail.com> wrote: > Hi Chris, > > I have deployed these files on the {SolrHome}\server\etc folder. > > Currently this is the setting of the path in edm.in.cmd. > > set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks > set SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jks > > For your meaning of absolute paths actually start with a slash, meaning > we have to set it like this? > > set SOLR_SSL_KEY_STORE=/etc/solr-ssl.keystore.jks > set SOLR_SSL_TRUST_STORE=/etc/solr-ssl.keystore.jks > > Regards, > Edwin > > > On 9 June 2018 at 00:15, Christopher Schultz <ch...@christopherschultz.net > > wrote: > >> Edwin, >> >> On 6/8/18 12:02 PM, Zheng Lin Edwin Yeo wrote: >> > I followed the steps from >> > https://lucene.apache.org/solr/guide/7_3/enabling-ssl.html. >> > >> > 1) >> > >> > keytool -genkeypair -alias solr-ssl -keyalg RSA -keysize 2048 -keypass >> > secret -storepass secret -validity 9999 -keystore >> > solr-ssl.keystore.jks -ext >> > SAN=DNS:localhost,IP:192.168.1.3,IP:127.0.0.1 -dname "CN=localhost, >> > OU=Organizational Unit, O=Organization, L=Location, ST=State, >> > C=Country" >> > >> > >> > 2) >> > >> > keytool -importkeystore -srckeystore solr-ssl.keystore.jks >> > -destkeystore solr-ssl.keystore.p12 -srcstoretype jks -deststoretype >> > pkcs12 >> > >> > >> > 3) >> > >> > openssl pkcs12 -in solr-ssl.keystore.p12 -out solr-ssl.pem >> > >> > >> > >> > I have also set these in solr.in.cmd: >> > >> > SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jksSOLR_SSL_KEY_STO >> RE_PASSWORD=secretSOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore >> .jksSOLR_SSL_TRUST_STORE_PASSWORD=secret# >> > Require clients to authenticateSOLR_SSL_NEED_CLIENT_AUTH=false# Enable >> > clients to authenticate (but not >> > require)SOLR_SSL_WANT_CLIENT_AUTH=false# Define Key Store type if >> > necessarySOLR_SSL_KEY_STORE_TYPE=JKSSOLR_SSL_TRUST_STORE_TYPE=JKS >> >> You didn't describe how you have deployed each of these files on each of >> your servers. >> >> You might want to make sure that all your (attempted) absolute paths >> actually start with a slash, though. >> >> -chris >> >> >