Edwin, On 6/10/18 10:22 PM, Zheng Lin Edwin Yeo wrote: > I have found that we can't set it this way either, as we will get the below > error on "no valid keystore". > > set SOLR_SSL_KEY_STORE=/etc/solr-ssl.keystore.jks > set SOLR_SSL_TRUST_STORE=/etc/solr-ssl.keystore.jks > > Error: > java.lang.reflect.InvocationTargetException > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) > at java.lang.reflect.Method.invoke(Unknown Source) > at org.eclipse.jetty.start.Main.invokeMain(Main.java:221) > at org.eclipse.jetty.start.Main.start(Main.java:504) > at org.eclipse.jetty.start.Main.main(Main.java:78) > Caused by: java.lang.IllegalStateException: no valid keystore > > > Any other ways can that we set or to generate the keystore?
File permissions on /etc/solr-*? Effective user-id of the process trying to connect to Solr? If you use relative paths, do you have any idea what the paths are relative TO? -chris > On 9 June 2018 at 21:30, Zheng Lin Edwin Yeo <edwinye...@gmail.com> wrote: > >> Hi Chris, >> >> I have deployed these files on the {SolrHome}\server\etc folder. >> >> Currently this is the setting of the path in edm.in.cmd. >> >> set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks >> set SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jks >> >> For your meaning of absolute paths actually start with a slash, meaning >> we have to set it like this? >> >> set SOLR_SSL_KEY_STORE=/etc/solr-ssl.keystore.jks >> set SOLR_SSL_TRUST_STORE=/etc/solr-ssl.keystore.jks >> >> Regards, >> Edwin >> >> >> On 9 June 2018 at 00:15, Christopher Schultz <ch...@christopherschultz.net >>> wrote: >> >>> Edwin, >>> >>> On 6/8/18 12:02 PM, Zheng Lin Edwin Yeo wrote: >>>> I followed the steps from >>>> https://lucene.apache.org/solr/guide/7_3/enabling-ssl.html. >>>> >>>> 1) >>>> >>>> keytool -genkeypair -alias solr-ssl -keyalg RSA -keysize 2048 -keypass >>>> secret -storepass secret -validity 9999 -keystore >>>> solr-ssl.keystore.jks -ext >>>> SAN=DNS:localhost,IP:192.168.1.3,IP:127.0.0.1 -dname "CN=localhost, >>>> OU=Organizational Unit, O=Organization, L=Location, ST=State, >>>> C=Country" >>>> >>>> >>>> 2) >>>> >>>> keytool -importkeystore -srckeystore solr-ssl.keystore.jks >>>> -destkeystore solr-ssl.keystore.p12 -srcstoretype jks -deststoretype >>>> pkcs12 >>>> >>>> >>>> 3) >>>> >>>> openssl pkcs12 -in solr-ssl.keystore.p12 -out solr-ssl.pem >>>> >>>> >>>> >>>> I have also set these in solr.in.cmd: >>>> >>>> SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jksSOLR_SSL_KEY_STO >>> RE_PASSWORD=secretSOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore >>> .jksSOLR_SSL_TRUST_STORE_PASSWORD=secret# >>>> Require clients to authenticateSOLR_SSL_NEED_CLIENT_AUTH=false# Enable >>>> clients to authenticate (but not >>>> require)SOLR_SSL_WANT_CLIENT_AUTH=false# Define Key Store type if >>>> necessarySOLR_SSL_KEY_STORE_TYPE=JKSSOLR_SSL_TRUST_STORE_TYPE=JKS >>> >>> You didn't describe how you have deployed each of these files on each of >>> your servers. >>> >>> You might want to make sure that all your (attempted) absolute paths >>> actually start with a slash, though. >>> >>> -chris >>> >>> >> >
signature.asc
Description: OpenPGP digital signature