Dear Rick, Have no familiarity with setting up Solr on Windows, but your oaths look like they might be missing a slash at the beginning, e.g., set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.p12 maybe should be set SOLR_SSL_KEY_STORE=/etc/solr-ssl.keystore.p12
Also, please check the Solr startup logs, which should have error messages if the path is incorrect. Regards, Gora On Sat, 11 May 2024 at 00:40, Hodder, Rick (Property and Casualty CIO) <richard.hod...@thehartford.com.invalid> wrote: > I’ve asked this twice on here, and on stack overflow, with no answers. > > > > Is there another site that could give me guidance? > > > > > > Thanks, > > > > *RICK HODDER* > Staff Software Engineer > Global Specialty > > [image: The Hartford] <https://www.thehartford.com/> > > The Hartford > 83 Wooster Heights Rd. | 2nd floor > Danbury, CT, 06810 > W: 475-329-6251 > > Email: richard.hod...@thehartford.com > > www.thehartford.com > www.facebook.com/thehartford > twitter.com/thehartford > > > > > > > > *From:* Hodder, Rick (Property and Casualty CIO) > *Sent:* Tuesday, May 7, 2024 6:40 PM > *To:* 'solr-u...@lucene.apache.org' <solr-u...@lucene.apache.org> > *Subject:* SOLR 8.11.1 SSL Enable Failing > > > > I’m trying to enable SSL on SOLR 8.11.1 > > > > My network team purchased a certificate Imported into JDK into a file > cacerts I copied that file to etc/solr-ssl.keystore.p12 > > > > I uncommented the SOLR SSL changed solr.in.cmd and set them as follows: > > > > REM Enables HTTPS. It is implictly true if you set SOLR_SSL_KEY_STORE. Use > this config > > REM to enable https module with custom jetty configuration. > > set SOLR_SSL_ENABLED=true > > REM Uncomment to set SSL-related system properties > > REM Be sure to update the paths to the correct keystore for your > environment > > set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.p12 > > set SOLR_SSL_KEY_STORE_PASSWORD=----------------- > > set SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.p12 > > set SOLR_SSL_TRUST_STORE_PASSWORD=----------------- > > REM Require clients to authenticate > > set SOLR_SSL_NEED_CLIENT_AUTH=false > > REM Enable clients to authenticate (but not require) > > set SOLR_SSL_WANT_CLIENT_AUTH=false > > REM Verify client hostname during SSL handshake > > set SOLR_SSL_CLIENT_HOSTNAME_VERIFICATION=false > > REM SSL Certificates contain host/ip "peer name" information that is > validated by default. Setting > > REM this to false can be useful to disable these checks when re-using a > certificate on many hosts > > set SOLR_SSL_CHECK_PEER_NAME=true > > REM Override Key/Trust Store types if necessary > > REM set SOLR_SSL_KEY_STORE_TYPE=PKCS12 > > REM set SOLR_SSL_TRUST_STORE_TYPE=PKCS12 > > I thin started solr from the command line, and this is what I saw: > > > > E:\ApacheSolr8_11_1>bin\solr.cmd start -p 8983 > > Java HotSpot(TM) 64-Bit Server VM warning: JVM cannot use large page > memory because it does not have enough privilege to lock pages in memory. > > INFO - 2024-05-06 17:05:17.952; > org.apache.solr.util.configuration.SSLConfigurations; Setting > javax.net.ssl.keyStorePassword > > INFO - 2024-05-06 17:05:17.967; > org.apache.solr.util.configuration.SSLConfigurations; Setting > javax.net.ssl.trustStorePassword > > Waiting up to 30 to see Solr running on port 8983 > > INFO - 2024-05-06 17:05:27.966; org.apache.http.impl.execchain.RetryExec; > I/O exception (java.net.SocketException) caught when processing request to > {s}->https://localhost:8983: An established connection was aborted by the > software in your host machine > > INFO - 2024-05-06 17:05:27.966; org.apache.http.impl.execchain.RetryExec; > Retrying request to {s}->https://localhost:8983 > > INFO - 2024-05-06 17:05:30.014; org.apache.http.impl.execchain.RetryExec; > I/O exception (java.net.SocketException) caught when processing request to > {s}->https://localhost:8983: An established connection was aborted by the > software in your host machine > > INFO - 2024-05-06 17:05:30.014; org.apache.http.impl.execchain.RetryExec; > Retrying request to {s}->https://localhost:8983 > > INFO - 2024-05-06 17:05:34.087; org.apache.http.impl.execchain.RetryExec; > I/O exception (java.net.SocketException) caught when processing request to > {s}->https://localhost:8983: An established connection was aborted by the > software in your host machine > > INFO - 2024-05-06 17:05:34.087; org.apache.http.impl.execchain.RetryExec; > Retrying request to {s}->https://localhost:8983 > > INFO - 2024-05-06 17:05:34.103; org.apache.http.impl.execchain.RetryExec; > I/O exception (java.net.SocketException) caught when processing request to > {s}->https://localhost:8983: An established connection was aborted by the > software in your host machine > > I've tried different combinations of SOLR_SSL_NEED_CLIENT_AUTH and > SOLR_SSL_WANT_CLIENT_AUTH but the get the same result. > > > > The log doesnt show any error messages about SSL. > > > > Is there something obvious I'm missing? Any suggestions? > > > > > > Thanks, > > > > *RICK HODDER* > Staff Software Engineer > Global Specialty > > [image: The Hartford] <https://www.thehartford.com/> > > The Hartford > 83 Wooster Heights Rd. | 2nd floor > Danbury, CT, 06810 > W: 475-329-6251 > > Email: richard.hod...@thehartford.com > > www.thehartford.com > www.facebook.com/thehartford > twitter.com/thehartford > > > > > > > > ****************************************************************************************************** > This communication, including attachments, is for the exclusive use of > addressee and may contain proprietary, confidential and/or privileged > information. If you are not the intended recipient, any use, copying, > disclosure, dissemination or distribution is strictly prohibited. If you > are not the intended recipient, please notify the sender immediately by > return e-mail, delete this communication and destroy all copies. > > > ****************************************************************************************************** >
