Hi, One flaw is that you need --module=https
Perhaps walk through all the cmdline parameters from bin\solr.cmd once again to see if you captured them all correctly. BTW: I highly recommend you upgrade to 8.11.3, and soon after that to latest 9.x Jan > 9. sep. 2024 kl. 21:04 skrev Hodder, Rick (Property and Casualty CIO) > <richard.hod...@thehartford.com.INVALID>: > > I have successfully got SOLR 8.11.1 running under SSL from the windows > command line solr.bat by changing solr.in.cmd to configure the SSL. > > I have a windows service that keeps SOLR live by running the jar file, with > parameters passed to it. > > I went to the dashboard screen, and grabbed all of the -D commands and put > them in the request: > > (run in administrator mode) > CD E:\ApacheSolr8_11_1\server > "C:\Program Files\Java\jdk-21\bin\java.exe" -Dsolr.solr.home=solr > -Djetty.port=8983 -Djetty.home=E:\ApacheSolr8_11_1\server -DSTOP.PORT=8087 > -DSTOP.KEY=stopsolr -Djetty.logs=E:\ApacheSolr8_11_1\server\logs > -Dorg.eclipse.jetty.util.log.SOURCE=true > -Dsolr.solr.home=E:\ApacheSolr8_11_1\server\solr > -Dsolr.log.dir=E:\ApacheSolr8_11_1\server\logs > -Dsolr.disable.shardsWhitelist=true > -Djavax.net.ssl.keyStore=E:\ApacheSolr8_11_1\server\etc\solr-ssl.keystore.p12 > -Djavax.net.ssl.keyStorePassword=password -Djavax.net.ssl.keyStoreType=PKCS12 > > -Djavax.net.ssl.trustStore=E:\ApacheSolr8_11_1\server\etc\solr-ssl.keystore.p12 > -Djavax.net.ssl.trustStorePassword=password > -Djavax.net.ssl.trustStoreType=PKCS12 -Dsolr.jetty.https.port=8983 > -Dsolr.jetty.inetaccess.excludes= -Dsolr.jetty.inetaccess.includes= > -Dsolr.jetty.keystore.type=PKCS12 > -Dsolr.jetty.keystore=E:\ApacheSolr8_11_1\server\etc\solr-ssl.keystore.p12 > -Dsolr.jetty.keystore.password=--redacted-- > -Dsolr.jetty.ssl.needClientAuth=false -Dsolr.jetty.ssl.wantClientAuth=false > -Dsolr.jetty.truststore.type=PKCS12 > -Dsolr.jetty.truststore=E:\ApacheSolr8_11_1\server\etc\solr-ssl.keystore.p12 > -Dsolr.jetty.truststore.password=--redacted-- -Dsolr.ssl.checkPeerName=true > -jar E:\ApacheSolr8_11_1\server\start.jar --module=http > > It runs but it doesn’t have ssl enabled. > > Here’s what I’m seeing in the log that comes up when I run it. Notice that it > recognizes the keystore, but cant create the client endpoint > > 2024-09-09 14:56:42.704 INFO (main) [ ] o.a.s.h.c.HttpShardHandlerFactory > Host whitelist initialized: WhitelistHostChecker [whitelistHosts=null, > whitelistHostCheckingEnabled=false] > 2024-09-09 14:56:42.938 INFO (main) [ ] o.e.j.u.s.SslContextFactory > x509=X509@593a6726(--redacted--,h=[localhost > <mailto:x509=X509@593a6726(a4538e1ppslr002.ad1.prod,h=[localhost>, > --redacted--, --redacted--],a=[],w=[]) > forClient@596a7f44[provider=null,keyStore=file:///E:/ApacheSolr8_11_1/server/etc/solr-ssl.keystore.p12,trustStore=file:///E:/ApacheSolr8_11_1/server/etc/solr-ssl.keystore.p12 > > <mailto:Client@596a7f44[provider=null,keyStore=file:///E:/ApacheSolr8_11_1/server/etc/solr-ssl.keystore.p12,trustStore=file:///E:/ApacheSolr8_11_1/server/etc/solr-ssl.keystore.p12>] > 2024-09-09 14:56:43.048 WARN (main) [ ] o.e.j.u.s.S.config No Client > EndPointIdentificationAlgorithm configured > forClient@596a7f44[provider=null,keyStore=file:///E:/ApacheSolr8_11_1/server/etc/solr-ssl.keystore.p12,trustStore=file:///E:/ApacheSolr8_11_1/server/etc/solr-ssl.keystore.p12 > > <mailto:Client@596a7f44[provider=null,keyStore=file:///E:/ApacheSolr8_11_1/server/etc/solr-ssl.keystore.p12,trustStore=file:///E:/ApacheSolr8_11_1/server/etc/solr-ssl.keystore.p12>] > 2024-09-09 14:56:43.198 INFO (main) [ ] o.e.j.u.s.SslContextFactory > x509=X509@5e99b9c(--redacted--,h=[localhost > <mailto:x509=X509@5e99b9c(a4538e1ppslr002.ad1.prod,h=[localhost>, > --redacted--, --redacted--],a=[],w=[]) > forClient@2fe74516[provider=null,keyStore=file:///E:/ApacheSolr8_11_1/server/etc/solr-ssl.keystore.p12,trustStore=file:///E:/ApacheSolr8_11_1/server/etc/solr-ssl.keystore.p12 > > <mailto:Client@2fe74516[provider=null,keyStore=file:///E:/ApacheSolr8_11_1/server/etc/solr-ssl.keystore.p12,trustStore=file:///E:/ApacheSolr8_11_1/server/etc/solr-ssl.keystore.p12>] > 2024-09-09 14:56:43.198 WARN (main) [ ] o.e.j.u.s.S.config No Client > EndPointIdentificationAlgorithm configured > forClient@2fe74516[provider=null,keyStore=file:///E:/ApacheSolr8_11_1/server/etc/solr-ssl.keystore.p12,trustStore=file:///E:/ApacheSolr8_11_1/server/etc/solr-ssl.keystore.p12 > > <mailto:Client@2fe74516[provider=null,keyStore=file:///E:/ApacheSolr8_11_1/server/etc/solr-ssl.keystore.p12,trustStore=file:///E:/ApacheSolr8_11_1/server/etc/solr-ssl.keystore.p12>] > 2024-09-09 14:56:43.261 WARN (main) [ ] o.a.s.c.CoreContainer Not all > security plugins configured! authentication=disabled authorization=disabled. > Solr is only as secure as you make it. Consider configuring > authentication/authorization before exposing Solr to users internal or > external. See https://s.apache.org/solrsecurity for more info > 2 > > What parameters am I missing? Or what am I doing wrong? > > I have tried adding -Dsolr.ssl.enabled=true, but it didn’t seem to help. > > Thanks, > > RICK HODDER > Staff Software Engineer > Global Specialty > <https://www.thehartford.com/> > The Hartford > 83 Wooster Heights Rd. | 2nd floor > Danbury, CT, 06810 > W: 475-329-6251 > > Email: richard.hod...@thehartford.com <mailto:richard.hod...@thehartford.com> > www.thehartford.com <https://www.thehartford.com/> > www.facebook.com/thehartford <https://www.facebook.com/thehartford> > twitter.com/thehartford <https://twitter.com/thehartford> > > > > ****************************************************************************************************** > This communication, including attachments, is for the exclusive use of > addressee and may contain proprietary, confidential and/or privileged > information. If you are not the intended recipient, any use, copying, > disclosure, dissemination or distribution is strictly prohibited. If you are > not the intended recipient, please notify the sender immediately by return > e-mail, delete this communication and destroy all copies. > > ******************************************************************************************************
