I have successfully got SOLR 8.11.1 running under SSL from the windows command line solr.bat by changing solr.in.cmd to configure the SSL.
I have a windows service that keeps SOLR live by running the jar file, with parameters passed to it. I went to the dashboard screen, and grabbed all of the -D commands and put them in the request: (run in administrator mode) CD E:\ApacheSolr8_11_1\server "C:\Program Files\Java\jdk-21\bin\java.exe" -Dsolr.solr.home=solr -Djetty.port=8983 -Djetty.home=E:\ApacheSolr8_11_1\server -DSTOP.PORT=8087 -DSTOP.KEY=stopsolr -Djetty.logs=E:\ApacheSolr8_11_1\server\logs -Dorg.eclipse.jetty.util.log.SOURCE=true -Dsolr.solr.home=E:\ApacheSolr8_11_1\server\solr -Dsolr.log.dir=E:\ApacheSolr8_11_1\server\logs -Dsolr.disable.shardsWhitelist=true -Djavax.net.ssl.keyStore=E:\ApacheSolr8_11_1\server\etc\solr-ssl.keystore.p12 -Djavax.net.ssl.keyStorePassword=password -Djavax.net.ssl.keyStoreType=PKCS12 -Djavax.net.ssl.trustStore=E:\ApacheSolr8_11_1\server\etc\solr-ssl.keystore.p12 -Djavax.net.ssl.trustStorePassword=password -Djavax.net.ssl.trustStoreType=PKCS12 -Dsolr.jetty.https.port=8983 -Dsolr.jetty.inetaccess.excludes= -Dsolr.jetty.inetaccess.includes= -Dsolr.jetty.keystore.type=PKCS12 -Dsolr.jetty.keystore=E:\ApacheSolr8_11_1\server\etc\solr-ssl.keystore.p12 -Dsolr.jetty.keystore.password=--redacted-- -Dsolr.jetty.ssl.needClientAuth=false -Dsolr.jetty.ssl.wantClientAuth=false -Dsolr.jetty.truststore.type=PKCS12 -Dsolr.jetty.truststore=E:\ApacheSolr8_11_1\server\etc\solr-ssl.keystore.p12 -Dsolr.jetty.truststore.password=--redacted-- -Dsolr.ssl.checkPeerName=true -jar E:\ApacheSolr8_11_1\server\start.jar --module=http It runs but it doesn't have ssl enabled. Here's what I'm seeing in the log that comes up when I run it. Notice that it recognizes the keystore, but cant create the client endpoint 2024-09-09 14:56:42.704 INFO (main) [ ] o.a.s.h.c.HttpShardHandlerFactory Host whitelist initialized: WhitelistHostChecker [whitelistHosts=null, whitelistHostCheckingEnabled=false] 2024-09-09 14:56:42.938 INFO (main) [ ] o.e.j.u.s.SslContextFactory x509=X509@593a6726(--redacted--,h=[localhost<mailto:x509=X509@593a6726(a4538e1ppslr002.ad1.prod,h=[localhost>, --redacted--, --redacted--],a=[],w=[]) for Client@596a7f44[provider=null,keyStore=file:///E:/ApacheSolr8_11_1/server/etc/solr-ssl.keystore.p12,trustStore=file:///E:/ApacheSolr8_11_1/server/etc/solr-ssl.keystore.p12<mailto:Client@596a7f44[provider=null,keyStore=file:///E:/ApacheSolr8_11_1/server/etc/solr-ssl.keystore.p12,trustStore=file:///E:/ApacheSolr8_11_1/server/etc/solr-ssl.keystore.p12>] 2024-09-09 14:56:43.048 WARN (main) [ ] o.e.j.u.s.S.config No Client EndPointIdentificationAlgorithm configured for Client@596a7f44[provider=null,keyStore=file:///E:/ApacheSolr8_11_1/server/etc/solr-ssl.keystore.p12,trustStore=file:///E:/ApacheSolr8_11_1/server/etc/solr-ssl.keystore.p12<mailto:Client@596a7f44[provider=null,keyStore=file:///E:/ApacheSolr8_11_1/server/etc/solr-ssl.keystore.p12,trustStore=file:///E:/ApacheSolr8_11_1/server/etc/solr-ssl.keystore.p12>] 2024-09-09 14:56:43.198 INFO (main) [ ] o.e.j.u.s.SslContextFactory x509=X509@5e99b9c(--redacted--,h=[localhost<mailto:x509=X509@5e99b9c(a4538e1ppslr002.ad1.prod,h=[localhost>, --redacted--, --redacted--],a=[],w=[]) for Client@2fe74516[provider=null,keyStore=file:///E:/ApacheSolr8_11_1/server/etc/solr-ssl.keystore.p12,trustStore=file:///E:/ApacheSolr8_11_1/server/etc/solr-ssl.keystore.p12<mailto:Client@2fe74516[provider=null,keyStore=file:///E:/ApacheSolr8_11_1/server/etc/solr-ssl.keystore.p12,trustStore=file:///E:/ApacheSolr8_11_1/server/etc/solr-ssl.keystore.p12>] 2024-09-09 14:56:43.198 WARN (main) [ ] o.e.j.u.s.S.config No Client EndPointIdentificationAlgorithm configured for Client@2fe74516[provider=null,keyStore=file:///E:/ApacheSolr8_11_1/server/etc/solr-ssl.keystore.p12,trustStore=file:///E:/ApacheSolr8_11_1/server/etc/solr-ssl.keystore.p12<mailto:Client@2fe74516[provider=null,keyStore=file:///E:/ApacheSolr8_11_1/server/etc/solr-ssl.keystore.p12,trustStore=file:///E:/ApacheSolr8_11_1/server/etc/solr-ssl.keystore.p12>] 2024-09-09 14:56:43.261 WARN (main) [ ] o.a.s.c.CoreContainer Not all security plugins configured! authentication=disabled authorization=disabled. Solr is only as secure as you make it. Consider configuring authentication/authorization before exposing Solr to users internal or external. See https://s.apache.org/solrsecurity for more info 2 What parameters am I missing? Or what am I doing wrong? I have tried adding -Dsolr.ssl.enabled=true, but it didn't seem to help. Thanks, RICK HODDER Staff Software Engineer Global Specialty [The Hartford]<https://www.thehartford.com/> The Hartford 83 Wooster Heights Rd. | 2nd floor Danbury, CT, 06810 W: 475-329-6251 Email: richard.hod...@thehartford.com<mailto:richard.hod...@thehartford.com> www.thehartford.com<https://www.thehartford.com/> www.facebook.com/thehartford<https://www.facebook.com/thehartford> twitter.com/thehartford<https://twitter.com/thehartford> ****************************************************************************************************** This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential and/or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies. ******************************************************************************************************
