Configure https on existing solr running on http

Hello All,

I had a scenario today where I installed my Solr nodes and services and everything was working fine, but later I noticed that we would need Solr running on https with Sitecore 9.1. I saw on the internet how to generate the certificate, put it in the trusted certificate store, and update the solr.in.cmd file so that it has all the entries needed to make Solr run as https; we also need the Solr certificate .pfx file in the $solr\server\etc folder.

I also got some scripts from the internet and tried them out, but there was something missing and my Solr somehow did not start with https.

So what I did was take my Solr installation PowerShell script, which installs Solr from scratch, installs the certificate and configures it, and also restarts services, etc.

I took that script and modified it so that it only does what is needed to move an existing Solr installation from http to https.

Following is the script:

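Param(
    $solrVersion = "6.6.2",
    $installFolder = "C:\Daivagna", ## Path to the folder that contains your Solr folder (i.e. solr-6.6.2); in my case it is inside c:\daivagna
    $solrPort = "8787",
    $solrHost = "solr",
    $solrInstanceName = "testsolrservice",
    $nssmVersion = "2.24" ## Assumed value: set to the NSSM version folder under $installFolder; only used if the service is not installed yet
)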
$solrName = "solr-$solrVersion"
$solrRoot = "$installFolder\$solrName"

## Verify elevated
## https://superuser.com/questions/749243/detect-if-powershell-is-running-as-administrator
$elevated = [bool](([System.Security.Principal.WindowsIdentity]::GetCurrent()).groups -match "S-1-5-32-544")
if($elevated -eq $false)
{
    throw "In order to run Solr as https, please run as administrator."
}

# Generate SSL cert
$existingCert = Get-ChildItem Cert:\LocalMachine\Root | where FriendlyName -eq "$solrName"
if(!($existingCert))
{
    Write-Host "Creating & trusting a new SSL Cert for $solrHost"

    # Generate a cert
    # https://docs.microsoft.com/en-us/powershell/module/pkiclient/new-selfsignedcertificate?view=win10-ps
    $cert = New-SelfSignedCertificate -FriendlyName "$solrName" -DnsName "$solrHost" -CertStoreLocation "cert:\LocalMachine" -NotAfter (Get-Date).AddYears(10)

    # Trust the cert
    # https://stackoverflow.com/questions/8815145/how-to-trust-a-certificate-in-windows-powershell
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store "Root","LocalMachine"
    $store.Open("ReadWrite")
    $store.Add($cert)
    $store.Close()

    # remove the untrusted copy of the cert
    $cert | Remove-Item
}

# export the cert to pfx using solr's default password
# $certStore is defined up front: the config rewrite below needs it even when the pfx already exists
$certStore = "$solrRoot\server\etc\solr-ssl.keystore.pfx"
if(!(Test-Path -Path $certStore))
{
    Write-Host "Exporting cert for Solr to use"

    $cert = Get-ChildItem Cert:\LocalMachine\Root | where FriendlyName -eq "$solrName"

    # "secret" must match the SOLR_SSL_*_PASSWORD values written to solr.in.cmd below
    $certPwd = ConvertTo-SecureString -String "secret" -Force -AsPlainText
    $cert | Export-PfxCertificate -FilePath $certStore -Password $certPwd | Out-Null
}
else
{
    Write-Host "Old certificate already found on the path = $solrRoot\server\etc"
}
# Update solr cfg to use keystore & right host name
# The original file is kept as solr.in.cmd.old; if that backup exists, the rewrite is skipped
if(!(Test-Path -Path "$solrRoot\bin\solr.in.cmd.old"))
{
    Write-Host "Rewriting solr config"

    $cfg = Get-Content "$solrRoot\bin\solr.in.cmd"
    Rename-Item "$solrRoot\bin\solr.in.cmd" "$solrRoot\bin\solr.in.cmd.old"
    $newCfg = $cfg | % { $_ -replace "REM set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks", "set SOLR_SSL_KEY_STORE=$certStore" }
    $newCfg = $newCfg | % { $_ -replace "REM set SOLR_SSL_KEY_STORE_PASSWORD=secret", "set SOLR_SSL_KEY_STORE_PASSWORD=secret" }
    $newCfg = $newCfg | % { $_ -replace "REM set SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jks", "set SOLR_SSL_TRUST_STORE=$certStore" }
    $newCfg = $newCfg | % { $_ -replace "REM set SOLR_SSL_TRUST_STORE_PASSWORD=secret", "set SOLR_SSL_TRUST_STORE_PASSWORD=secret" }
    $newCfg = $newCfg | % { $_ -replace "REM set SOLR_HOST=192.168.1.1", "set SOLR_HOST=$solrHost" }
    $newCfg | Set-Content "$solrRoot\bin\solr.in.cmd"
}
else
{
    Write-Host "File already exists on the path $solrRoot\bin\solr.in.cmd.old"
}


# install the service if it is missing, then start or restart it
$svc = Get-Service "$solrInstanceName" -ErrorAction SilentlyContinue
if(!($svc))
{
    Write-Host "Installing Solr service"
    &"$installFolder\nssm-$nssmVersion\win64\nssm.exe" install "$solrInstanceName" "$solrRoot\bin\solr.cmd" "-f" "-p $solrPort"
    &"$installFolder\nssm-$nssmVersion\win64\nssm.exe" set "$solrInstanceName" "Description" "$solrPort"
    $svc = Get-Service "$solrInstanceName" -ErrorAction SilentlyContinue
}
if($svc.Status -ne "Running")
{
    Write-Host "Starting Solr service"
    Start-Service "$solrInstanceName"
}
else
{
    Write-Host "Re-Starting Solr service"
    Restart-Service "$solrInstanceName"
}

# finally prove it's all working: open the Solr admin UI over https in the default browser
Start-Process "https://$($solrHost):$solrPort/solr/#/"


What it does is simply create a certificate for the existing Solr running on the specified port, install it on the machine, copy it to the $solr\server\etc folder, edit the solr.in.cmd file to use the generated certificate, and restart or start the service.
Now I am using the same script to move any non-https Solr to https. Cheers!!!
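
A follow-up check for the script above, added here as an example and not part of the original post: it verifies each thing the script is supposed to leave behind (a usable PFX, the certificate in the trusted root store, the uncommented SSL lines in solr.in.cmd, and a TLS handshake on the Solr port that this machine trusts). The parameter defaults reuse the post's values; the check labels are made up for this example.

```powershell
Param(
    $solrRoot = "C:\Daivagna\solr-6.6.2",
    $solrHost = "solr",
    [int]$solrPort = 8787,
    $pfxPassword = "secret"   # must match SOLR_SSL_KEY_STORE_PASSWORD in solr.in.cmd
)
$pfxPath = "$solrRoot\server\etc\solr-ssl.keystore.pfx"
$results = [ordered]@{}
$pfx = $null

# 1. The PFX must open with the configured password and carry the private key
try {
    $pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($pfxPath, $pfxPassword)
    $results["PFX opens with password"] = $true
    $results["PFX has private key"] = $pfx.HasPrivateKey
    $results["PFX not expired"] = ($pfx.NotAfter -gt (Get-Date))
} catch { $results["PFX opens with password"] = $false }

# 2. The same certificate (by thumbprint) must be in the machine's trusted root store
$inRoot = if ($pfx) { Get-ChildItem Cert:\LocalMachine\Root | Where-Object Thumbprint -eq $pfx.Thumbprint }
$results["Cert is in LocalMachine\Root"] = [bool]$inRoot

# 3. solr.in.cmd must have each SSL setting uncommented (no leading REM)
$cfg = @(Get-Content "$solrRoot\bin\solr.in.cmd" -ErrorAction SilentlyContinue)
foreach ($key in "SOLR_SSL_KEY_STORE", "SOLR_SSL_KEY_STORE_PASSWORD",
                 "SOLR_SSL_TRUST_STORE", "SOLR_SSL_TRUST_STORE_PASSWORD", "SOLR_HOST") {
    $results["solr.in.cmd sets $key"] = @($cfg -match "^\s*set $key=").Count -gt 0
}

# 4. The live port must complete a TLS handshake with default validation
#    (fails if the cert is untrusted or its DNS name does not match $solrHost)
try {
    $tcp = New-Object System.Net.Sockets.TcpClient($solrHost, $solrPort)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream())
    $ssl.AuthenticateAsClient($solrHost)
    $served = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    $results["TLS handshake trusted"] = $true
    $results["Port serves the exported cert"] = ($pfx -and $served.Thumbprint -eq $pfx.Thumbprint)
    $ssl.Dispose(); $tcp.Dispose()
} catch { $results["TLS handshake trusted"] = $false }

# Print one line per check
$results.GetEnumerator() | ForEach-Object { "{0,-50} {1}" -f $_.Key, $_.Value }
```

A `False` on the solr.in.cmd lines usually means the `REM set ...` lines in your Solr version differ from the exact strings the rewrite step searches for, so nothing was replaced.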
