Seeking Advice: Setting up SSL in Solr 9.5 on Centos 7

Tue, 28 May 2024 16:39:05 -0700 

Hey Guys,
It's been about 2 weeks now I have been searching and implementing everything I read, but have had no luck with getting SSL to work. 

I believe the error is in setting up the self-signed certificate.


I see sites mention JKS and not using localhost (following SNI rules) 
but I'm a coder, company policy is that everybody should be able to do 
everything. I don't mind but I'll need help :).


I'm hoping the someone will give me some advice.

*#Errors: *

 * HTTP ERROR 400 Invalid
     o Caused BY: org.eclipse.jetty.hhtp.NadMessageException: 400:
       Invalid SNI
 * Browser
     o Not Secure: https://domain:8984/solr/#/


*# Environment*

 * Server: CentOS 7
 * Apache Solr: 9.5
     o 1 core
 * 1 server - 1 Public IP (Default IP)
     o Multiple domians
 * So far we're only testing on 1 domain but will soon add more asĀ  SSL
   is up.


*# Solr.in.sh Settings:*

 * SOLR_PID_DIR="/var/solr"
 * SOLR_HOME="/var/solr/data"
 * LOG4J_PROPS="/var/solr/log4j2.xml"
 * SOLR_LOGS_DIR="/var/solr/logs"
 * SOLR_PORT="8983"
 * SOLR_HEAP="4g"
 * SOLR_JETTY_HOST="0.0.0.0"
 * *## SOLR settings realated to internal security*
     o SOLR_AUTH_TYPE="basic"
     o SOLR_AUTHENTICATION_OPTS="-Dbasicauth=solr:SolrRocks"
 * *## SOLR settings Related to SSL*
     o SOLR_SSL_ENABLED=true
     o SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.p12
     o SOLR_SSL_KEY_STORE_PASSWORD=<REDACTED>
     o SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.p12
     o SOLR_SSL_TRUST_STORE_PASSWORD=<REDACTED>
     o SOLR_SSL_NEED_CLIENT_AUTH=false
     o SOLR_SSL_WANT_CLIENT_AUTH=false
     o SOLR_SSL_CHECK_PEER_NAME=true
     o SOLR_HOST=<Public IP>



*# Generating Self-Signed Certificate and a key (Basically the 9.5 
documentation)*


 * sudo keytool -genkeypair -alias solr-ssl -keyalg RSA -keysize 2048
   -<REDACTED> r4WVa6cQ -storepass <REDACTED> -validity 9999 -keystore
   solr-ssl.keystore.p12 -storetype PKCS12 -ext SAN=DNS:<Main
   Domain>,IP:<Public IP> -dname "CN=<Main Domian>, C=US"

 * sudo openssl pkcs12 -in solr-ssl.keystore.p12 -out solr-ssl.pem


*# Observation:*

 * When I am able able to get to the UI Admin (Not Secure in Browser)
 * I can look run the query on the core and see that the request is
   made using HTTPS

*Goal:*

 * Just to have SSL/TLS set up with Solr.


Not sure if I left out anything.

Please Advise.

























					Reply via email to