'Is it possible to use Solr with SSL and CA-Signed Certs

I'd like to use SSL with my Solr instance (in the cloud). The instructions here speak only to using a self-signed cert https://cwiki.apache.org/confluence/display/solr/Enabling+SSL#EnablingSSL-CreateaSolrCloudcollectionusingbin/solr

But I'd rather not distribute around a keystore/truststore to each Solr node and my clients too.

Is there a way I can use CA-signed certs with Solr?

securitysslsolrlucenejetty


Solution 1:[1]

Convert your CA cert into .PFX and place it in etc folder and update config as below -

set SOLR_SSL_KEY_STORE=etc/<certfilename>.pfx
set SOLR_SSL_KEY_STORE_TYPE=PKCS12

Solution 2:[2]

The Java truststore and keystore files are the same regardless if its self-signed or CA-signed certificates.

Using the instructions from your CA, import the appropriate certificates to the truststore and keystore that Solr will use, and then configure your Solr to point to your new truststore/keystore files (and required passwords to access the certificates).

In other words, follow the instructions you linked, just skip the first step (Generate a self-signed certificate and a key), the rest of the instructions are still valid, even with your CA-signed certificates.

Solution 3:[3]

I went through this great blog on this

https://getfishtank.ca/blog/updating-ssl-certificates-in-solr

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Surya Narayan
Solution 2 Joakim Erdfelt
Solution 3 Amin Sayed

Related Questions

Secure cookies flag always getting lost in first session after resetting IIS

How to show or hide contents of an aspx page based on current user's roles

protect images on webpage from being copied/saved?

Getting error "403 - Forbidden: Access is denied" on browser when user is NOT administrator

Disable SSLHandshakeException for a single connection

SSL certificate error for IE users only

How to access HttpContext and Request in RequireAssersion?

Send Public key(generated as seckeyref in iPhone) to server(in Java)

The EXECUTE permission is denied on the user-defined table types?

cannot commit or push using egit (guess: issues with secure storage area)

Authorisation in microservices - how to approach domain object or entity level access control using ACL?

Adding nonce value to @Scripts.Render ASP.Net MVC razor pages with NWebSec

SSL Java java.io.IOException: Invalid keystore format

preventing abuse of API service usage

Protecting or Licensing a Django Application