Skip to main content

Configure https on existing solr running on http

Hello All,

I had the scenario today where i installed my solr nodes and services and everything was working fine, but later i noticed that we will need solr running on https with sitecore 9.1, and i saw on the internet that how we can generate the certificate and put it in the trusted certificate store and update solr.in.cmd file so that it has all those entries to make solr run as https and also we will need solr certificate .pfx file on the path $solr\server\etc folder.

I also got some scripts on the internet and i tried them out but there was something missing and my solr did not start with https somehow.

So what i did was i took my solr installation powershell script which installed solr from the scratch, installs certificate and configures it, also restarts services etc.

So i took that script and modified in a way so that it only does things for making existing installed solr from http to https.

Following is the script

Param(
    $solrVersion = "6.6.2",
    $installFolder = "C:\Daivagna", ##Path to your solr folder, where your solr foler i.1 solr6.6.2 is copied, in my case it is inside c:\daivagna
    $solrPort = "8787",
    $solrHost = "solr",
    $solrInstanceName ="testsolrservice"
)
$solrName = "solr-$solrVersion"
$solrRoot = "$installFolder\$solrName"

## Verify elevated
## https://superuser.com/questions/749243/detect-if-powershell-is-running-as-administrator
$elevated = [bool](([System.Security.Principal.WindowsIdentity]::GetCurrent()).groups -match "S-1-5-32-544")
if($elevated -eq $false)
{
    throw "In order to install run solr as https please run as administrator."
}

# Generate SSL cert
$existingCert = Get-ChildItem Cert:\LocalMachine\Root | where FriendlyName -eq "$solrName"
if(!($existingCert))
{
 Write-Host "Creating & trusting an new SSL Cert for $solrHost"

 # Generate a cert
 # https://docs.microsoft.com/en-us/powershell/module/pkiclient/new-selfsignedcertificate?view=win10-ps
 $cert = New-SelfSignedCertificate -FriendlyName "$solrName" -DnsName "$solrHost" -CertStoreLocation "cert:\LocalMachine" -NotAfter (Get-Date).AddYears(10)

 # Trust the cert
 # https://stackoverflow.com/questions/8815145/how-to-trust-a-certificate-in-windows-powershell
 $store = New-Object System.Security.Cryptography.X509Certificates.X509Store "Root","LocalMachine"
 $store.Open("ReadWrite")
 $store.Add($cert)
 $store.Close()

 # remove the untrusted copy of the cert
 $cert | Remove-Item
}

# export the cert to pfx using solr's default password
if(!(Test-Path -Path "$solrRoot\server\etc\solr-ssl.keystore.pfx"))
{
 Write-Host "Exporting cert for Solr to use"

 $cert = Get-ChildItem Cert:\LocalMachine\Root | where FriendlyName -eq "$solrName"

 $certStore = "$solrRoot\server\etc\solr-ssl.keystore.pfx"
 $certPwd = ConvertTo-SecureString -String "secret" -Force -AsPlainText
 $cert | Export-PfxCertificate -FilePath $certStore -Password $certpwd | Out-Null
}
else
{
 Write-Host "Old certificate already found on the path = $solrRoot\server\etc"
}
# Update solr cfg to use keystore & right host name
if(!(Test-Path -Path "$solrRoot\bin\solr.in.cmd.old"))
{
 Write-Host "Rewriting solr config"

 $cfg = Get-Content "$solrRoot\bin\solr.in.cmd"
 Rename-Item "$solrRoot\bin\solr.in.cmd" "$solrRoot\bin\solr.in.cmd.old"
 $newCfg = $cfg | % { $_ -replace "REM set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks", "set SOLR_SSL_KEY_STORE=$certStore" }
 $newCfg = $newCfg | % { $_ -replace "REM set SOLR_SSL_KEY_STORE_PASSWORD=secret", "set SOLR_SSL_KEY_STORE_PASSWORD=secret" }
 $newCfg = $newCfg | % { $_ -replace "REM set SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jks", "set SOLR_SSL_TRUST_STORE=$certStore" }
 $newCfg = $newCfg | % { $_ -replace "REM set SOLR_SSL_TRUST_STORE_PASSWORD=secret", "set SOLR_SSL_TRUST_STORE_PASSWORD=secret" }
 $newCfg = $newCfg | % { $_ -replace "REM set SOLR_HOST=192.168.1.1", "set SOLR_HOST=$solrHost" }
 $newCfg | Set-Content "$solrRoot\bin\solr.in.cmd"
}
else
{
 Write-Host "File already exists on the path $solrRoot\bin\solr.in.cmd.old"
}   


# install the service & runs
$svc = Get-Service "$solrInstanceName" -ErrorAction SilentlyContinue
if(!($svc))
{
    Write-Host "Installing Solr service"
    &"$installFolder\nssm-$nssmVersion\win64\nssm.exe" install "$solrInstanceName" "$solrRoot\bin\solr.cmd" "-f" "-p $solrPort"
 &"$installFolder\nssm-$nssmVersion\win64\nssm.exe" set "$solrInstanceName" "Description" "$solrPort"
    $svc = Get-Service "$solrInstanceName" -ErrorAction SilentlyContinue
}
if($svc.Status -ne "Running")
{
    Write-Host "Starting Solr service"
    Start-Service "$solrInstanceName"
}
else
{
 Write-Host "Re-Starting Solr service"
    Restart-Service "$solrInstanceName"
}

# finally prove it's all working
Invoke-Expression "start https://$($solrHost):$solrPort/solr/#/"


What is does is simply creates certificate for existing solr running on specified port, installs it on a machine and copies it to etc folder of the $solr\server\etc, and edit its solr.in.cmd file with generated certificate and restarts or starts service.
Now, I am using the same script to make any non https solr to https. Cheers !!!

Comments

  1. Play at The Sands Casino and Resort - New Jersey
    At Sands Casino and Resort, you'll find a variety of slots, table games, video poker 바카라 and a live septcasino poker room. All you have to do is pick 1xbet korean your favorite game.

    ReplyDelete

Post a Comment

Popular posts from this blog

Set up leprechaun code generation with Sitecore XM Cloud Starterkit

Hi Sitecorians, It has been amazing learning year so far and with the change in technology and shift of the focus on frontend frameworks and composable products, it has been market demand to keep learning and exploring new things. Reasons behind this blog Today's topic is something that was in my draft from April-May, and I always thought that there is already a good documentation out there for  Leprechaun  and a blog post is not needed, Until I realized that there was so many of us facing same kind of issues and same kind of problems and spending same amount of time, That is where I thought, if I could write something which can reduce that repetitive troubleshooting time, That would really help the community. 1)  In a project environment, if we get into some configuration issues, we resolve them, we make sure we are not blocked and continue, but if you think same issue, same step and same scenario will come to other people, so if we can draft it online, it will help othe...

Sitecore SXA creative exchange export appends hyphen(-) number to the static assets

Hello There, So, today i will be sharing some information which i think will be useful for many as this might come as a blocker just like me, where i was planning for a next sprint for which i was checking prerequisites and suddenly found out that, Export functionality of SXA is not working properly, it was exporting things but i open the page which was exported (index.html), it was loading without any CSS or JS functioning. Problem I have been using SXA but i never had this issue before, where page or site gets exported but when we open the page, it comes up without CSS or JS functioning properly on the page. So, first thing like any developer i opened up the source of the HTML and tried to see why CSS is not working properly and checked its path and found out following  I was surprised at first point as i never saw this behavior, but one thing was confirmed that, SXA is adding these "-number" at the end of CSS when we export so, i tried to de-assemble the DLL just to see wh...

401.1 Unauthorized with windows authentication error code 0xc000006d

How many of you have faced this hosting issue when you do everything what it takes to run the site with windows authentication but still you are getting the same error again and again? If you think you also have faced the same issue and you tired of reading MSDN KBs for it and still have not found the issue (If KB has solved the issue, well and good, if not you can try this trick),Please Read below Typical scenario In typical hosting with IIS, i did every possible things like enabling windows authentication, changing it in web.config, configuring connection pool, authorization rules, it asks me for window authentication login and despite of entering correct credentials it always fails and keeps on asking for login, and when pressed cancel it gives 401.1 with 0xc000006d error code Solution (Which worked for me at-least after trying for almost 6-9 hrs) You need to change the Loop Back Check in registry so that it allows the host names which you are giving in url are allowed and au...