I'm trying to enable SSL on SOLR 8.11.1
My network team purchased a certificate Imported into JDK into a file cacerts I
copied that file to etc/solr-ssl.keystore.p12
I uncommented the SOLR SSL changed solr.in.cmd and set them as follows:
REM Enables HTTPS. It is implictly true if you set SOLR_SSL_KEY_STORE. Use this
config
REM to enable https module with custom jetty configuration.
set SOLR_SSL_ENABLED=true
REM Uncomment to set SSL-related system properties
REM Be sure to update the paths to the correct keystore for your environment
set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.p12
set SOLR_SSL_KEY_STORE_PASSWORD=-----------------
set SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.p12
set SOLR_SSL_TRUST_STORE_PASSWORD=-----------------
REM Require clients to authenticate
set SOLR_SSL_NEED_CLIENT_AUTH=false
REM Enable clients to authenticate (but not require)
set SOLR_SSL_WANT_CLIENT_AUTH=false
REM Verify client hostname during SSL handshake
set SOLR_SSL_CLIENT_HOSTNAME_VERIFICATION=false
REM SSL Certificates contain host/ip "peer name" information that is validated
by default. Setting
REM this to false can be useful to disable these checks when re-using a
certificate on many hosts
set SOLR_SSL_CHECK_PEER_NAME=true
REM Override Key/Trust Store types if necessary
REM set SOLR_SSL_KEY_STORE_TYPE=PKCS12
REM set SOLR_SSL_TRUST_STORE_TYPE=PKCS12
I thin started solr from the command line, and this is what I saw:
E:\ApacheSolr8_11_1>bin\solr.cmd start -p 8983
Java HotSpot(TM) 64-Bit Server VM warning: JVM cannot use large page memory
because it does not have enough privilege to lock pages in memory.
INFO - 2024-05-06 17:05:17.952;
org.apache.solr.util.configuration.SSLConfigurations; Setting
javax.net.ssl.keyStorePassword
INFO - 2024-05-06 17:05:17.967;
org.apache.solr.util.configuration.SSLConfigurations; Setting
javax.net.ssl.trustStorePassword
Waiting up to 30 to see Solr running on port 8983
INFO - 2024-05-06 17:05:27.966; org.apache.http.impl.execchain.RetryExec; I/O
exception (java.net.SocketException) caught when processing request to
{s}->https://localhost:8983: An established connection was aborted by the
software in your host machine
INFO - 2024-05-06 17:05:27.966; org.apache.http.impl.execchain.RetryExec;
Retrying request to {s}->https://localhost:8983
INFO - 2024-05-06 17:05:30.014; org.apache.http.impl.execchain.RetryExec; I/O
exception (java.net.SocketException) caught when processing request to
{s}->https://localhost:8983: An established connection was aborted by the
software in your host machine
INFO - 2024-05-06 17:05:30.014; org.apache.http.impl.execchain.RetryExec;
Retrying request to {s}->https://localhost:8983
INFO - 2024-05-06 17:05:34.087; org.apache.http.impl.execchain.RetryExec; I/O
exception (java.net.SocketException) caught when processing request to
{s}->https://localhost:8983: An established connection was aborted by the
software in your host machine
INFO - 2024-05-06 17:05:34.087; org.apache.http.impl.execchain.RetryExec;
Retrying request to {s}->https://localhost:8983
INFO - 2024-05-06 17:05:34.103; org.apache.http.impl.execchain.RetryExec; I/O
exception (java.net.SocketException) caught when processing request to
{s}->https://localhost:8983: An established connection was aborted by the
software in your host machine
I've tried different combinations of SOLR_SSL_NEED_CLIENT_AUTH and
SOLR_SSL_WANT_CLIENT_AUTH but the get the same result.
The log doesnt show any error messages about SSL.
Is there something obvious I'm missing? Any suggestions?
Thanks,
RICK HODDER
Staff Software Engineer
Global Specialty
[The Hartford]<https://www.thehartford.com/>
The Hartford
83 Wooster Heights Rd. | 2nd floor
Danbury, CT, 06810
W: 475-329-6251
Email: richard.hod...@thehartford.com<mailto:richard.hod...@thehartford.com>
www.thehartford.com<https://www.thehartford.com/>
www.facebook.com/thehartford<https://www.facebook.com/thehartford>
twitter.com/thehartford<https://twitter.com/thehartford>
******************************************************************************************************
This communication, including attachments, is for the exclusive use of
addressee and may contain proprietary, confidential and/or privileged
information. If you are not the intended recipient, any use, copying,
disclosure, dissemination or distribution is strictly prohibited. If you are
not the intended recipient, please notify the sender immediately by return
e-mail, delete this communication and destroy all copies.
******************************************************************************************************
