This walkthrough describes the process on solr ssl certificate generation and its intallation guide will be briefly elaborated through easy-to-follow steps for Sitecore 9 framework intallation set up prerequisites or requirements.
Required programs or applications:
- Latest Java JDK / JRE installed
- This installation was done on a Windows 10 Enterprise Machine(64bit) with a Version of 1703
- Latest Powershell Version(most people who installed windows 10 as their operating system have this already)
INSTALLATION:
- Download latest JAVA JDK / JRE on oracle.com and set them as your Environment Variable on your computer
Go to advance system settings and click on the environment variable. Now click “NEW” to set the JAVA_HOME environment and point it to the installation folder of your java jre and on the Path click EDIT and add the path to your bin file inside the JRE Folder as you can see on the red boxes on the images.
- Download SOLR –in this installation I was using the version 6.6.2 (there is already a version 7 but not too sure if it will work with the current SIF(sitecore install framework) script) download site : https://archive.apache.org/dist/lucene/solr/ choose the zip file if you are using windows and extract the contents then store it somewhere in your drive (user preference). Make sure the extracted folder / file contains the FF.
- MAKING SOLR SSL CERTIFICATE — we need to download a few software / tools to help us do this.
Download Not Sucking Service Manager and install Solr as a service
You will find zip here: https://nssm.cc/download – just extract it somewhere and go to this path(the path where you extracted your NSSM file) in your PowerShell window. Then call “.\nssm.exe install NameOfSolrService
”
The path shown on the image below is the one I used : the nssm.exe file inside the win64 folder and I named the service as solr.
and you will see new window with some settings. Set them with the following values:
– Path: C:\solr\solr-6.6.2\bin\solr.cmd
– Startup Directory: C:\solr\solr-6.6.2\bin
– Arguments: start -p 662 -f
- PATH: path for your solr.cmd it depends on how you extracted your solr file
- STARTUP DIRECTORY: your solr bin folder (normally it’s automatically detected)
- ARGUMENTS : how you want your service to run
Since I already installed the service, I just went to the editing window since it will be the same as what you will see first time. You can use any port. In my case, I used 8983 the default one.
After form submission, you should see new service on the list of services (Windows > Run > Services) . If your service is not running , just run it from services windows – it will start automatically after restart. Your solr will be available on the url http://localhost:8983/solr/ if you used 8983. If your using a different port just change the port number after localhost domain.
Generate SOLR Certificates
I used approach from this website https://lucene.apache.org/solr/guide/6_6/enabling–ssl.html#EnablingSSL–BasicSSLSetup
At the beginning you should check if you have JRE installed – if not to install it and then in the path C:\Program Files\Java\jre-9.0.1\bin\keytool.exe you will find keytool.exe which will generate certificates for you (you might have different path – depends on version of JRE).
Then open again PowerShell and enter into SOLR directory
C:\solr\solr-6.6.2\server\etc and run following command & ‘C:\Program Files\Java\jre-9.0.1\bin\keytool.exe ‘ -genkeypair -alias solr-ssl -keyalg RSA -keysize 2048 -keypass secret -storepass secret -validity 9999 -keystore solr-ssl.keystore.jks -ext SAN=DNS:localhost,IP:127.0.0.1 -dname “CN=localhost, OU=Organizational Unit, O=Organization, L=Location, ST=State, C=Country”
You should notice that we have got there a keypass equal to “secret” which can be changed on local, and should be changed on other environments.
Then we need to convert key to PEM format with command:
& ‘C:\Program Files\Java\jre-9.0.1\bin\keytool.exe ‘ -importkeystore -srckeystore solr-ssl.keystore.jks -destkeystore solr-ssl.keystore.p12 -srcstoretype jks -deststoretype pkcs12
You will be asked few times for password – use “secret” or your own.
Then we need to convert generated key for next format with OpenSSL – download OpenSSL from here https://indy.fulgan.com/SSL/openssl-0.9.8r–x64_86-win64-rev2.zip and extract into C:\Program Files (x86)\OpenSSL – or anywhere you want to extract it I was using the lastest stable version (2.24)
and run command:
& ‘C:\Program Files (x86)\OpenSSL\openssl.exe’ pkcs12 -in solr-ssl.keystore.p12 -out solr-ssl.pem
Note
SHOULD BE STILL ON YOUR SOLR DIRECTORY C:\solr\solr-6.6.2\server\etc , do not change directory
If done, right click and you will see the following files on your etc directory from solr
Import certificate to the trusted certificates
Open “Windows > Run > mmc” and manage certificates. Import created certificate to the list of trusted ones.
Change SOLR settings
In final step you need to change yours configuration for SOLR. Open SOLR server directory C:\solr\solr-6.6.2\bin – depending still on how you extracted the file. and open to edit of solr.in.cmd file. Then add following settings at the end:
Now, to test this instead of using http://localhost:yourportnumber/solr use https://localhost:yourportnumber/solr if it loads then it is a success! Now we will proceed to sitecore 9 installation.
Here’s the link :https://sitecoreazuremvc.wordpress.com/2017/11/10/sc-9-installation-guide/
Sitecore Experience Platform 
Leave a comment