Skip to main content

Configure https on existing solr running on http

Hello All,

I had the scenario today where i installed my solr nodes and services and everything was working fine, but later i noticed that we will need solr running on https with sitecore 9.1, and i saw on the internet that how we can generate the certificate and put it in the trusted certificate store and update solr.in.cmd file so that it has all those entries to make solr run as https and also we will need solr certificate .pfx file on the path $solr\server\etc folder.

I also got some scripts on the internet and i tried them out but there was something missing and my solr did not start with https somehow.

So what i did was i took my solr installation powershell script which installed solr from the scratch, installs certificate and configures it, also restarts services etc.

So i took that script and modified in a way so that it only does things for making existing installed solr from http to https.

Following is the script

Param(
    $solrVersion = "6.6.2",
    $installFolder = "C:\Daivagna", ##Path to your solr folder, where your solr foler i.1 solr6.6.2 is copied, in my case it is inside c:\daivagna
    $solrPort = "8787",
    $solrHost = "solr",
    $solrInstanceName ="testsolrservice"
)
$solrName = "solr-$solrVersion"
$solrRoot = "$installFolder\$solrName"

## Verify elevated
## https://superuser.com/questions/749243/detect-if-powershell-is-running-as-administrator
$elevated = [bool](([System.Security.Principal.WindowsIdentity]::GetCurrent()).groups -match "S-1-5-32-544")
if($elevated -eq $false)
{
    throw "In order to install run solr as https please run as administrator."
}

# Generate SSL cert
$existingCert = Get-ChildItem Cert:\LocalMachine\Root | where FriendlyName -eq "$solrName"
if(!($existingCert))
{
 Write-Host "Creating & trusting an new SSL Cert for $solrHost"

 # Generate a cert
 # https://docs.microsoft.com/en-us/powershell/module/pkiclient/new-selfsignedcertificate?view=win10-ps
 $cert = New-SelfSignedCertificate -FriendlyName "$solrName" -DnsName "$solrHost" -CertStoreLocation "cert:\LocalMachine" -NotAfter (Get-Date).AddYears(10)

 # Trust the cert
 # https://stackoverflow.com/questions/8815145/how-to-trust-a-certificate-in-windows-powershell
 $store = New-Object System.Security.Cryptography.X509Certificates.X509Store "Root","LocalMachine"
 $store.Open("ReadWrite")
 $store.Add($cert)
 $store.Close()

 # remove the untrusted copy of the cert
 $cert | Remove-Item
}

# export the cert to pfx using solr's default password
if(!(Test-Path -Path "$solrRoot\server\etc\solr-ssl.keystore.pfx"))
{
 Write-Host "Exporting cert for Solr to use"

 $cert = Get-ChildItem Cert:\LocalMachine\Root | where FriendlyName -eq "$solrName"

 $certStore = "$solrRoot\server\etc\solr-ssl.keystore.pfx"
 $certPwd = ConvertTo-SecureString -String "secret" -Force -AsPlainText
 $cert | Export-PfxCertificate -FilePath $certStore -Password $certpwd | Out-Null
}
else
{
 Write-Host "Old certificate already found on the path = $solrRoot\server\etc"
}
# Update solr cfg to use keystore & right host name
if(!(Test-Path -Path "$solrRoot\bin\solr.in.cmd.old"))
{
 Write-Host "Rewriting solr config"

 $cfg = Get-Content "$solrRoot\bin\solr.in.cmd"
 Rename-Item "$solrRoot\bin\solr.in.cmd" "$solrRoot\bin\solr.in.cmd.old"
 $newCfg = $cfg | % { $_ -replace "REM set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks", "set SOLR_SSL_KEY_STORE=$certStore" }
 $newCfg = $newCfg | % { $_ -replace "REM set SOLR_SSL_KEY_STORE_PASSWORD=secret", "set SOLR_SSL_KEY_STORE_PASSWORD=secret" }
 $newCfg = $newCfg | % { $_ -replace "REM set SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jks", "set SOLR_SSL_TRUST_STORE=$certStore" }
 $newCfg = $newCfg | % { $_ -replace "REM set SOLR_SSL_TRUST_STORE_PASSWORD=secret", "set SOLR_SSL_TRUST_STORE_PASSWORD=secret" }
 $newCfg = $newCfg | % { $_ -replace "REM set SOLR_HOST=192.168.1.1", "set SOLR_HOST=$solrHost" }
 $newCfg | Set-Content "$solrRoot\bin\solr.in.cmd"
}
else
{
 Write-Host "File already exists on the path $solrRoot\bin\solr.in.cmd.old"
}   


# install the service & runs
$svc = Get-Service "$solrInstanceName" -ErrorAction SilentlyContinue
if(!($svc))
{
    Write-Host "Installing Solr service"
    &"$installFolder\nssm-$nssmVersion\win64\nssm.exe" install "$solrInstanceName" "$solrRoot\bin\solr.cmd" "-f" "-p $solrPort"
 &"$installFolder\nssm-$nssmVersion\win64\nssm.exe" set "$solrInstanceName" "Description" "$solrPort"
    $svc = Get-Service "$solrInstanceName" -ErrorAction SilentlyContinue
}
if($svc.Status -ne "Running")
{
    Write-Host "Starting Solr service"
    Start-Service "$solrInstanceName"
}
else
{
 Write-Host "Re-Starting Solr service"
    Restart-Service "$solrInstanceName"
}

# finally prove it's all working
Invoke-Expression "start https://$($solrHost):$solrPort/solr/#/"

What is does is simply creates certificate for existing solr running on specified port, installs it on a machine and copies it to etc folder of the $solr\server\etc, and edit its solr.in.cmd file with generated certificate and restarts or starts service.
Now, I am using the same script to make any non https solr to https. Cheers !!!

Labels

Labels:

Comments

  1. AnonymousJanuary 31, 2022 at 12:49 PM

    Play at The Sands Casino and Resort - New Jersey
    At Sands Casino and Resort, you'll find a variety of slots, table games, video poker 바카라 and a live septcasino poker room. All you have to do is pick 1xbet korean your favorite game.

    ReplyDelete

Post a Comment

Popular posts from this blog

High CPU to completely normal CPU - SXA issue, SXA pages not loading in mobile device

  Hi Team, Today i am going to share one of the nightmarish issue with you all, We are having Sitecore 9.1.1 hosted in azure PaaS environment Our site was working just fine and no noise, but we have been working on a feature release where 7-8 months of development needed to be released to production, Big GO LIVE event right?  Also to make the development smoother we also introduced BLUE/GREEN deployment slots in the same release, so we can easily SWAP slots and go live Everything went well, we went live, we even did load and performance testing on our staging and pre-prod and we were confident enough of results Very next day we started getting "SITE DOWN" alerts, and also product owners and clients mentioned that site is very slow for them in US time and in our morning when we were accessing it, it was working lighting fast so we were clue less at start, but we started digging  1) First thing caught our eyes were HIGH CPU spikes, in US time, also without any traffic CPU u...
3 comments
Read more

One or more exceptions occurred while processing the subscribers to the 'item:creating' event

I was recently installing the packages from one of the QA environment to my local Sitecore instance, "Media library package" to be precise, And it started giving me this below error One or more exceptions occurred while processing the subscribers to the 'item:creating' event Looking at the sitecore logs, it gave me more info on the context and the actual inner exception was following Solution: 'Name' should consist only of letters, digits, dashes or underscore Now it was evident that some of my file names were violating the naming rule, I could see in the log just before exception from where the installer stopped creating items, and that file name had round braces "(" and ")" at the end of it, with my surprise I was able to create the item with those name in the content tree, but below was the solution for it, Solution I am using SC 9.0.1 and in that Go to Sitecore.Marketing.config file residing in "App_Config\Sitecore\Mar...
9 comments
Read more

An error occurred while receiving the HTTP response to This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details.

You have noticed many times that everything was working fine and suddenly the below error starts coming and you find no way to work it out An error occurred while receiving the HTTP response to This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details. The reason for this is the receiving size of WCF service is smaller then the data which is coming from service It was working before because it was small,So you will have to try to increase the receiving setting in your end point,Possible settings can be following maxStringContentLength="2147483647" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" maxArrayLength="2147483647" That would definately help you!!!
1 comment
Read more