Skip to main content

Configure https on existing solr running on http

Hello All,

I had the scenario today where i installed my solr nodes and services and everything was working fine, but later i noticed that we will need solr running on https with sitecore 9.1, and i saw on the internet that how we can generate the certificate and put it in the trusted certificate store and update solr.in.cmd file so that it has all those entries to make solr run as https and also we will need solr certificate .pfx file on the path $solr\server\etc folder.

I also got some scripts on the internet and i tried them out but there was something missing and my solr did not start with https somehow.

So what i did was i took my solr installation powershell script which installed solr from the scratch, installs certificate and configures it, also restarts services etc.

So i took that script and modified in a way so that it only does things for making existing installed solr from http to https.

Following is the script

Param(
    $solrVersion = "6.6.2",
    $installFolder = "C:\Daivagna", ##Path to your solr folder, where your solr foler i.1 solr6.6.2 is copied, in my case it is inside c:\daivagna
    $solrPort = "8787",
    $solrHost = "solr",
    $solrInstanceName ="testsolrservice"
)
$solrName = "solr-$solrVersion"
$solrRoot = "$installFolder\$solrName"

## Verify elevated
## https://superuser.com/questions/749243/detect-if-powershell-is-running-as-administrator
$elevated = [bool](([System.Security.Principal.WindowsIdentity]::GetCurrent()).groups -match "S-1-5-32-544")
if($elevated -eq $false)
{
    throw "In order to install run solr as https please run as administrator."
}

# Generate SSL cert
$existingCert = Get-ChildItem Cert:\LocalMachine\Root | where FriendlyName -eq "$solrName"
if(!($existingCert))
{
 Write-Host "Creating & trusting an new SSL Cert for $solrHost"

 # Generate a cert
 # https://docs.microsoft.com/en-us/powershell/module/pkiclient/new-selfsignedcertificate?view=win10-ps
 $cert = New-SelfSignedCertificate -FriendlyName "$solrName" -DnsName "$solrHost" -CertStoreLocation "cert:\LocalMachine" -NotAfter (Get-Date).AddYears(10)

 # Trust the cert
 # https://stackoverflow.com/questions/8815145/how-to-trust-a-certificate-in-windows-powershell
 $store = New-Object System.Security.Cryptography.X509Certificates.X509Store "Root","LocalMachine"
 $store.Open("ReadWrite")
 $store.Add($cert)
 $store.Close()

 # remove the untrusted copy of the cert
 $cert | Remove-Item
}

# export the cert to pfx using solr's default password
if(!(Test-Path -Path "$solrRoot\server\etc\solr-ssl.keystore.pfx"))
{
 Write-Host "Exporting cert for Solr to use"

 $cert = Get-ChildItem Cert:\LocalMachine\Root | where FriendlyName -eq "$solrName"

 $certStore = "$solrRoot\server\etc\solr-ssl.keystore.pfx"
 $certPwd = ConvertTo-SecureString -String "secret" -Force -AsPlainText
 $cert | Export-PfxCertificate -FilePath $certStore -Password $certpwd | Out-Null
}
else
{
 Write-Host "Old certificate already found on the path = $solrRoot\server\etc"
}
# Update solr cfg to use keystore & right host name
if(!(Test-Path -Path "$solrRoot\bin\solr.in.cmd.old"))
{
 Write-Host "Rewriting solr config"

 $cfg = Get-Content "$solrRoot\bin\solr.in.cmd"
 Rename-Item "$solrRoot\bin\solr.in.cmd" "$solrRoot\bin\solr.in.cmd.old"
 $newCfg = $cfg | % { $_ -replace "REM set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks", "set SOLR_SSL_KEY_STORE=$certStore" }
 $newCfg = $newCfg | % { $_ -replace "REM set SOLR_SSL_KEY_STORE_PASSWORD=secret", "set SOLR_SSL_KEY_STORE_PASSWORD=secret" }
 $newCfg = $newCfg | % { $_ -replace "REM set SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jks", "set SOLR_SSL_TRUST_STORE=$certStore" }
 $newCfg = $newCfg | % { $_ -replace "REM set SOLR_SSL_TRUST_STORE_PASSWORD=secret", "set SOLR_SSL_TRUST_STORE_PASSWORD=secret" }
 $newCfg = $newCfg | % { $_ -replace "REM set SOLR_HOST=192.168.1.1", "set SOLR_HOST=$solrHost" }
 $newCfg | Set-Content "$solrRoot\bin\solr.in.cmd"
}
else
{
 Write-Host "File already exists on the path $solrRoot\bin\solr.in.cmd.old"
}   


# install the service & runs
$svc = Get-Service "$solrInstanceName" -ErrorAction SilentlyContinue
if(!($svc))
{
    Write-Host "Installing Solr service"
    &"$installFolder\nssm-$nssmVersion\win64\nssm.exe" install "$solrInstanceName" "$solrRoot\bin\solr.cmd" "-f" "-p $solrPort"
 &"$installFolder\nssm-$nssmVersion\win64\nssm.exe" set "$solrInstanceName" "Description" "$solrPort"
    $svc = Get-Service "$solrInstanceName" -ErrorAction SilentlyContinue
}
if($svc.Status -ne "Running")
{
    Write-Host "Starting Solr service"
    Start-Service "$solrInstanceName"
}
else
{
 Write-Host "Re-Starting Solr service"
    Restart-Service "$solrInstanceName"
}

# finally prove it's all working
Invoke-Expression "start https://$($solrHost):$solrPort/solr/#/"

What is does is simply creates certificate for existing solr running on specified port, installs it on a machine and copies it to etc folder of the $solr\server\etc, and edit its solr.in.cmd file with generated certificate and restarts or starts service.
Now, I am using the same script to make any non https solr to https. Cheers !!!
Labels:

Comments

  1. AnonymousJanuary 31, 2022 at 12:49 PM

    Play at The Sands Casino and Resort - New Jersey
    At Sands Casino and Resort, you'll find a variety of slots, table games, video poker 바카라 and a live septcasino poker room. All you have to do is pick 1xbet korean your favorite game.

    ReplyDelete

Post a Comment

Popular posts from this blog

Why SitecoreAI - Getting into the shoes of the customer how to select right CMS

Hi Team, Lately, I have been talking to lot of our customers / potential customers and having pre-sales demos where one question always comes is "Why Sitecore" ?  Now this question can be for any product which is out for sell. And as a technician I always get into product technical features, but at the same time as a pre-sales guy, it also makes me think, surely all competitive products have same features, so definitely answer to this is not in the technicalities.  If you step back and think, we are also a customer in our daily life and buy lot of things, what is that process we go through? When we buy, how can your customer decide if this is a right fit for you or not, why we select A over B? Is it price? is it service? Is it a brand? Is it about features? Is it about brand loyalty?  When it is a technical product, I am sure it cannot start with the technicalities of the product or selecting product itself, 100% not, I feel decision is always business strategy first and ...
1 comment
Read more

Hell of sitecore aliases pipeline breaking the site with 500 error

Hello Friends, I belive this blog post is very important for everyone because, It has some very serious effect on working of your headless website, i will share my experience what we faced and how we resolved it Issue we started facing Our site started giving "Key cannot be null or empty" with YSOD like following  Side affect Because of this 500 error, Our site pages were showing 500 custom error page intermittently and our MAU (Monthly Active User) drop rate increased. Sitecore KB There is already Sitecore KB article talking about this error but the patch which is provided on this link is confusing as well as very huge and it could bring other issues along with it as that upgrade patch also has lot of other things too which i did not want to introduce in our stable CMS. Known Issues - Retrieving the child items of resource items is not thread-safe Observation Though the surfaced exception was looking similar and giving same error and behavior given on this article, We looked...
Post a Comment
Read more

401.1 Unauthorized with windows authentication error code 0xc000006d

How many of you have faced this hosting issue when you do everything what it takes to run the site with windows authentication but still you are getting the same error again and again? If you think you also have faced the same issue and you tired of reading MSDN KBs for it and still have not found the issue (If KB has solved the issue, well and good, if not you can try this trick),Please Read below Typical scenario In typical hosting with IIS, i did every possible things like enabling windows authentication, changing it in web.config, configuring connection pool, authorization rules, it asks me for window authentication login and despite of entering correct credentials it always fails and keeps on asking for login, and when pressed cancel it gives 401.1 with 0xc000006d error code Solution (Which worked for me at-least after trying for almost 6-9 hrs) You need to change the Loop Back Check in registry so that it allows the host names which you are giving in url are allowed and au...
2 comments
Read more