- Go to /opt/nastel/sbin and stop web, CEP, domain and Solr.
- Go to /opt/nastel/java/current/bin.
- Run the following command to create a .jks file named solr-ssl.keystore.jks in the current directory:
  ```
  keytool -genkeypair -alias solr-ssl -keyalg RSA -keysize 2048 -keypass secret -storepass secret -validity 9999 -keystore solr-ssl.keystore.jks -storetype PKCS12 -ext SAN=DNS:localhost,IP:XX.XX.XX.XX,IP:127.0.0.1 -dname "CN=localhost, OU=Organizational Unit, O=Organization, L=Location, ST=State, C=Country"
  ```
- To establish a connection with ZooKeeper, go to /opt/nastel/solr/solr-8.11.1/server/scripts/cloud-scripts and run the following:
  ```
  ./zkcli.sh -zkhost <server1>:2181,<server2>:2181/<your_chroot> -cmd clusterprop -name urlScheme -val https
  ```
- The Solr Control Script is already set up to pass SSL-related Java system properties to the JVM. To activate the SSL settings, uncomment and update the set of properties beginning with SOLR_SSL_* in bin/solr.in.sh:
  ```
  SOLR_SSL_ENABLED=true
  # Uncomment to set SSL-related system properties
  # Be sure to update the paths to the correct keystore for your environment
  SOLR_SSL_KEY_STORE=/opt/nastel/java/current/bin/solr-ssl.keystore.jks
  SOLR_SSL_KEY_STORE_PASSWORD=secret
  SOLR_SSL_TRUST_STORE=/opt/nastel/java/current/bin/solr-ssl.keystore.jks
  SOLR_SSL_TRUST_STORE_PASSWORD=secret
  SOLR_SSL_NEED_CLIENT_AUTH=false
  SOLR_SSL_WANT_CLIENT_AUTH=false
  SOLR_SSL_CHECK_PEER_NAME=true
  SOLR_SSL_KEY_STORE_TYPE=JKS
  SOLR_SSL_TRUST_STORE_TYPE=JKS
  ```
- Under [AUTOPILOT_HOME], create an ssl directory and copy into it the solr-ssl.keystore.jks you created in step 3. Add the following to global.properties (located under the [AUTOPILOT_HOME] directory):
  ```
  property javax.net.ssl.keyStore=/opt/nastel/java/current/bin/solr-ssl.keystore.jks
  property javax.net.ssl.keyStorePassword=secret
  property javax.net.ssl.trustStore=/opt/nastel/java/current/bin/solr-ssl.keystore.jks
  property javax.net.ssl.trustStorePassword=secret
  ```
- Start Solr, domain, CEP, and web.
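
A check that can be run against bin/solr.in.sh before the final start step, added here as an example and not Nastel's or Solr's own tooling: it flags SOLR_SSL_* settings that are still commented out, keystore files that are missing or accessible to other accounts, and the sample password `secret` left in place. The function names and the script name are hypothetical; the property names are the ones shown in the steps above.

```shell
#!/bin/sh
# Added example: audit the SOLR_SSL_* settings of a solr.in.sh before starting Solr.
# Assumption: settings are plain NAME=value lines, as shown on this page.

# Print the last uncommented value of property $2 in file $1 (empty if unset).
get_prop() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# Succeed when the path grants no permission bits to group or other.
is_private() {
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Print one FAIL line per finding; succeed only when there are none.
audit_solr_ssl() {
    conf=$1
    findings=0
    fail() { echo "FAIL: $1"; findings=$((findings + 1)); }

    [ "$(get_prop "$conf" SOLR_SSL_ENABLED)" = "true" ] ||
        fail "SOLR_SSL_ENABLED is not true (still commented out?)"
    [ "$(get_prop "$conf" SOLR_SSL_CHECK_PEER_NAME)" = "true" ] ||
        fail "SOLR_SSL_CHECK_PEER_NAME is not true, so host names are not verified"
    is_private "$conf" ||
        fail "$conf stores passwords but is accessible to group or other"

    for kind in KEY TRUST; do
        store=$(get_prop "$conf" "SOLR_SSL_${kind}_STORE")
        pass=$(get_prop "$conf" "SOLR_SSL_${kind}_STORE_PASSWORD")
        if [ -z "$store" ] || [ ! -f "$store" ]; then
            fail "SOLR_SSL_${kind}_STORE is unset or not a file: '$store'"
        elif [ "$kind" = KEY ] && ! is_private "$store"; then
            fail "$store holds the private key but is accessible to group or other"
        fi
        case $pass in
            "" | secret) fail "SOLR_SSL_${kind}_STORE_PASSWORD is empty or the sample value" ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Usage: sh audit.sh /path/to/bin/solr.in.sh   (script name is hypothetical)
if [ $# -gt 0 ]; then
    audit_solr_ssl "$1"
fi
```
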