Edwin, On 6/10/18 10:22 PM, Zheng Lin Edwin Yeo wrote: > I have found that we can't set it this way either, as we will get the below > error on "no valid keystore". > > set SOLR_SSL_KEY_STORE=/etc/solr-ssl.keystore.jks > set SOLR_SSL_TRUST_STORE=/etc/solr-ssl.keystore.jks > > Error: > java.lang.reflect.InvocationTargetException > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) > at java.lang.reflect.Method.invoke(Unknown Source) > at org.eclipse.jetty.start.Main.invokeMain(Main.java:221) > at org.eclipse.jetty.start.Main.start(Main.java:504) > at org.eclipse.jetty.start.Main.main(Main.java:78) > Caused by: java.lang.IllegalStateException: no valid keystore > > > Any other ways can that we set or to generate the keystore?
File permissions on /etc/solr-*?
Effective user-id of the process trying to connect to Solr?
If you use relative paths, do you have any idea what the paths are
relative TO?
-chris
> On 9 June 2018 at 21:30, Zheng Lin Edwin Yeo <edwinye...@gmail.com> wrote:
>
>> Hi Chris,
>>
>> I have deployed these files on the {SolrHome}\server\etc folder.
>>
>> Currently this is the setting of the path in edm.in.cmd.
>>
>> set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks
>> set SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jks
>>
>> For your meaning of absolute paths actually start with a slash, meaning
>> we have to set it like this?
>>
>> set SOLR_SSL_KEY_STORE=/etc/solr-ssl.keystore.jks
>> set SOLR_SSL_TRUST_STORE=/etc/solr-ssl.keystore.jks
>>
>> Regards,
>> Edwin
>>
>>
>> On 9 June 2018 at 00:15, Christopher Schultz <ch...@christopherschultz.net
>>> wrote:
>>
>>> Edwin,
>>>
>>> On 6/8/18 12:02 PM, Zheng Lin Edwin Yeo wrote:
>>>> I followed the steps from
>>>> https://lucene.apache.org/solr/guide/7_3/enabling-ssl.html.
>>>>
>>>> 1)
>>>>
>>>> keytool -genkeypair -alias solr-ssl -keyalg RSA -keysize 2048 -keypass
>>>> secret -storepass secret -validity 9999 -keystore
>>>> solr-ssl.keystore.jks -ext
>>>> SAN=DNS:localhost,IP:192.168.1.3,IP:127.0.0.1 -dname "CN=localhost,
>>>> OU=Organizational Unit, O=Organization, L=Location, ST=State,
>>>> C=Country"
>>>>
>>>>
>>>> 2)
>>>>
>>>> keytool -importkeystore -srckeystore solr-ssl.keystore.jks
>>>> -destkeystore solr-ssl.keystore.p12 -srcstoretype jks -deststoretype
>>>> pkcs12
>>>>
>>>>
>>>> 3)
>>>>
>>>> openssl pkcs12 -in solr-ssl.keystore.p12 -out solr-ssl.pem
>>>>
>>>>
>>>>
>>>> I have also set these in solr.in.cmd:
>>>>
>>>> SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jksSOLR_SSL_KEY_STO
>>> RE_PASSWORD=secretSOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore
>>> .jksSOLR_SSL_TRUST_STORE_PASSWORD=secret#
>>>> Require clients to authenticateSOLR_SSL_NEED_CLIENT_AUTH=false# Enable
>>>> clients to authenticate (but not
>>>> require)SOLR_SSL_WANT_CLIENT_AUTH=false# Define Key Store type if
>>>> necessarySOLR_SSL_KEY_STORE_TYPE=JKSSOLR_SSL_TRUST_STORE_TYPE=JKS
>>>
>>> You didn't describe how you have deployed each of these files on each of
>>> your servers.
>>>
>>> You might want to make sure that all your (attempted) absolute paths
>>> actually start with a slash, though.
>>>
>>> -chris
>>>
>>>
>>
>
signature.asc
Description: OpenPGP digital signature
