If you are Sitecore developer implementing Solr as a Search provider for Sitecore 9, you are required to have all communications between Sitecore and Solr to be secure. (It’s not a bad idea to secure earlier versions as well). The following is a quick guide to enabling SSL on Solr in a Windows 10 development environment.
- Make sure a JRE is installed in your computer
- Open a PowerShell window
Create a self-signed certificate using the following command:
New-SelfSignedCertificate -CertStoreLocation cert:\LocalMachine\My -DnsName "localhost", "127.0.0.1" -FriendlyName "SolrCert" -NotAfter (Get-Date).AddYears(10)
- Open the MMC, and add the Certificates - Local Computer console (or in Windows 10, search in Cortana for "Manage computer certificates" and open it)
- Open the Personal → Codeertificates node on the left pane, and right click on the newly created certificate.
- Copy the certificate to Trusted Root Certification Authorities/Certificates
- On the pop-up menu, select All Tasks → Export...:
- On the second wizard screen, select "Yes, export the private key" and click Next.
- Make sure only the "Include ll certificates in the certification path if possible" option is selected, and click Next.
- Check the "Password" checkbox, and enter (and confirm) a password. Take note of this password. For this example we will use "secret". Click Next.
- Select a location to create the PFX file, give it a name (for this example, "solr_ssl_cert.pfx") and click Next to finish the wizard.
- Download Solr from the Apache Solr website. For Windows, download the ZIP file.
- Unzip the Solr installation file (for this example, I unzipped it under C:\apache, so the final installation will be under C:\apache\solr-x.x.x being x.x.x the version)
In a text editor, open the C:\apache\solr-x.x.x\bin\solr.in.cmd file and uncomment the following section:
REM Uncomment to set SSL-related system properties REM Be sure to update the paths to the correct keystore for your environment set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks set SOLR_SSL_KEY_STORE_PASSWORD=secret set SOLR_SSL_KEY_STORE_TYPE=JKS set SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jks set SOLR_SSL_TRUST_STORE_PASSWORD=secret set SOLR_SSL_TRUST_STORE_TYPE=JKS set SOLR_SSL_NEED_CLIENT_AUTH=false set SOLR_SSL_WANT_CLIENT_AUTH=false
Change the following values (for this example, the PFX file is located at C:\apache\solr_ssl_cert.pfx, and the password is "secret" as set on step 6c):
set SOLR_SSL_KEY_STORE=C:/apache/solr_ssl_cert.pfx set SOLR_SSL_KEY_STORE_PASSWORD=secret set SOLR_SSL_KEY_STORE_TYPE=PKCS12 set SOLR_SSL_TRUST_STORE=C:/apache/solr_ssl_cert.pfx set SOLR_SSL_TRUST_STORE_PASSWORD=secret set SOLR_SSL_TRUST_STORE_TYPE=PKCS12
Test the Solr installation by running the following command in the Command Prompt:
- In a browser, navigate to "https://localhost:8984" and, if you added the certificate to the Trusted Root, it shouldn't give you a security warning.
- Stop Solr in the Command Prompt by pressing Ctrl-C.
- Install Solr as a Windows Service. Use nssm, follow the instructions here but make sure to set the -p parameter to 8984.