How to Install Solr with SSL on Windows 10
Nov 06, 2017
If you are Sitecore developer implementing Solr as a Search provider for Sitecore 9, you are required to have all communications between Sitecore and Solr to be secure. (It’s not a bad idea to secure earlier versions as well). The following is a quick guide to enabling SSL on Solr in a Windows 10 development environment.
-
Make sure a JRE is installed in your computer
-
Open a PowerShell window
-
Create a self-signed certificate using the following command:
New-SelfSignedCertificate -CertStoreLocation cert:\LocalMachine\My -DnsName "localhost", "127.0.0.1" -FriendlyName "SolrCert" -NotAfter (Get-Date).AddYears(10)
-
Open the MMC, and add the Certificates - Local Computer console (or in Windows 10, search in Cortana for "Manage computer certificates" and open it)
-
Open the Personal → Codeertificates node on the left pane, and right click on the newly created certificate.
-
Copy the certificate to Trusted Root Certification Authorities/Certificates
-
On the pop-up menu, select All Tasks → Export...:
-
On the second wizard screen, select "Yes, export the private key" and click Next.
-
Make sure only the "Include ll certificates in the certification path if possible" option is selected, and click Next.
-
Check the "Password" checkbox, and enter (and confirm) a password. Take note of this password. For this example we will use "secret". Click Next.
-
Select a location to create the PFX file, give it a name (for this example, "solr_ssl_cert.pfx") and click Next to finish the wizard.
-
-
Download Solr from the Apache Solr website. For Windows, download the ZIP file.
-
Unzip the Solr installation file (for this example, I unzipped it under
C:\apache
, so the final installation will be underC:\apache\solr-x.x.x
being x.x.x the version) -
In a text editor, open the
C:\apache\solr-x.x.x\bin\solr.in.cmd
file and uncomment the following section:solr.in.cmd Uncomment
REM Uncomment to set SSL-related system properties REM Be sure to update the paths to the correct keystore for your environment set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks set SOLR_SSL_KEY_STORE_PASSWORD=secret set SOLR_SSL_KEY_STORE_TYPE=JKS set SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jks set SOLR_SSL_TRUST_STORE_PASSWORD=secret set SOLR_SSL_TRUST_STORE_TYPE=JKS set SOLR_SSL_NEED_CLIENT_AUTH=false set SOLR_SSL_WANT_CLIENT_AUTH=false
-
Change the following values (for this example, the PFX file is located at
C:\apache\solr_ssl_cert.pfx
, and the password is "secret" as set on step 6c):solr.in.cmd Edits
set SOLR_SSL_KEY_STORE=C:/apache/solr_ssl_cert.pfx set SOLR_SSL_KEY_STORE_PASSWORD=secret set SOLR_SSL_KEY_STORE_TYPE=PKCS12 set SOLR_SSL_TRUST_STORE=C:/apache/solr_ssl_cert.pfx set SOLR_SSL_TRUST_STORE_PASSWORD=secret set SOLR_SSL_TRUST_STORE_TYPE=PKCS12
-
Test the Solr installation by running the following command in the Command Prompt:
C:\apache\solr-x.x.x\bin\solr.cmd start -f -p 8984
-
In a browser, navigate to
https://localhost:8984
and, if you added the certificate to the Trusted Root, it shouldn't give you a security warning. -
Stop Solr in the Command Prompt by pressing Ctrl-C.
-
Install Solr as a Windows Service. Use nssm, follow the instructions here but make sure to set the -p parameter to 8984.
Related Insights
-
Wladimir Moyano
-
Trotsky Gonzalez
-
Yamilet Contreras
Docker and Sitecore
Scalability & Efficiency in Web Development
-
Mateo Recoba
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.