[jira] [Commented] (SOLR-9728) Ability to specify Key Store type in solr.in file for SSL

Kevin Risden (JIRA) Tue, 22 Nov 2016 13:21:17 -0800

    [ 
https://issues.apache.org/jira/browse/SOLR-9728?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15687925#comment-15687925
 ]


Kevin Risden commented on SOLR-9728:
------------------------------------

Here is the snippet of my solr.in.sh:
{code}
# Uncomment to set SSL-related system properties
# Be sure to update the paths to the correct keystore for your environment
SOLR_SSL_KEY_STORE=/opt/solr/bin/solr-ssl.keystore.jks
SOLR_SSL_TRUST_STORE=/opt/solr/bin/solr-ssl.keystore.jks
SOLR_SSL_KEY_STORE_PASSWORD=secret
SOLR_SSL_TRUST_STORE_PASSWORD=secret
SOLR_SSL_NEED_CLIENT_AUTH=false
SOLR_SSL_WANT_CLIENT_AUTH=false
#SOLR_SSL_KEYSTORE_TYPE=JKS
#SOLR_SSL_TRUSTSTORE_TYPE=JKS
{code}

Here is the exception I get when SOLR_SSL_KEYSTORE_TYPE or 
SOLR_SSL_TRUSTSTORE_TYPE isn't specified:

{code}
java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.eclipse.jetty.start.Main.invokeMain(Main.java:214)
        at org.eclipse.jetty.start.Main.start(Main.java:457)
        at org.eclipse.jetty.start.Main.main(Main.java:75)
Caused by: java.security.KeyStoreException:  not found
        at java.security.KeyStore.getInstance(KeyStore.java:851)
        at 
org.eclipse.jetty.util.security.CertificateUtils.getKeyStore(CertificateUtils.java:44)
        at 
org.eclipse.jetty.util.ssl.SslContextFactory.loadKeyStore(SslContextFactory.java:1016)
        at 
org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:332)
        at 
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
        at 
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)
        at 
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114)
        at 
org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:64)
        at 
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
        at 
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)
        at 
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114)
        at 
org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:260)
        at 
org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81)
        at 
org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:244)
        at 
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
        at org.eclipse.jetty.server.Server.doStart(Server.java:384)
        at 
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
        at 
org.eclipse.jetty.xml.XmlConfiguration$1.run(XmlConfiguration.java:1510)
        at java.security.AccessController.doPrivileged(Native Method)
        at 
org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1435)
        ... 7 more
Caused by: java.security.NoSuchAlgorithmException:  KeyStore not available
        at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
        at java.security.Security.getImpl(Security.java:695)
        at java.security.KeyStore.getInstance(KeyStore.java:848)
        ... 26 more

Usage: java -jar start.jar [options] [properties] [configs]
       java -jar start.jar --help  # for more information
{code}

> Ability to specify Key Store type in solr.in file for SSL
> ---------------------------------------------------------
>
>                 Key: SOLR-9728
>                 URL: https://issues.apache.org/jira/browse/SOLR-9728
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Server
>    Affects Versions: master (7.0)
>            Reporter: Michael Suzuki
>            Assignee: Kevin Risden
>         Attachments: SOLR-9728.patch, SOLR-9728.patch
>
>
> At present when ssl is enabled we can't set the SSL type. It currently 
> defaults to JCK.
> As a user I would like to configure the SSL type via the solr.in file.
> For instance "JCEKS" would be configured as:
> {code}
> SOLR_SSL_KEYSTORE_TYPE=JCEKS
> SOLR_SSL_TRUSTSTORE_TYPE=JCEKS
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Commented] (SOLR-9728) Ability to specify Key Store type in solr.in file for SSL

Reply via email to