Sitecore 9.0 Update-1 Setting up Solr with SSL

  1. Prerequisites

    • Solr requires Java Runtime Environment (JRE) version 8.8 or later available on the machine.
    • Check Java version in CMD with “java -version”Java-version
  2. Download the file from here

    • SolrZip
  3. Extract the zip file and copy the files to a location, say C:\solr-6.6.2

  4. Now we need to set up SSL certificate

    • Instead of doing the following below you can run a script provided by Kam Figy to automate this process. Here is the link to Quickly add SSL to SOLR. However, if you are feeling like doing the manual steps because you want to know what is going on behind the scenes then feel free to keep following directions.
    • Open a command prompt as an Administrator
    • Navigate to C:\Program Files\Java\jdk-9.0.4\bin
    • Next, put in the following code to generate a keystore file named “solr-ssl.keystore.jks” in the above directory:
      keytool -genkeypair -alias solr-ssl -keyalg RSA -keysize 2048 -keypass secret -storepass secret -validity 9999 -keystore solr-ssl.keystore.jks -ext SAN=DNS:localhost,IP: -dname "CN=localhost, OU=Organizational Unit, O=Organization, L=Location, ST=State, C=Country
      Solr SSL
    • Copy the keystore file named “solr-ssl.keystore.jks” and paste into the “server\etc” folder, which in my case is “C:\solr-6.6.2\server\etc“.
    • Open up the “” file in the bin folder in Notepad++ and uncomment the section for setting SSL-related system properties “C:\solr-6.6.2\bin“. Below is the uncommented section:
      REM Uncomment to set SSL-related system properties
      REM Be sure to update the paths to the correct keystore for your environment
      set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks
      set SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jks
    • you will need to add the certificate as a trusted root certificate using the Microsoft Management Console. Now, you will need to convert your .jks file to a .pfx file so you can import into Trusted Root Certification Authorities store for a local computer.
      keytool -importkeystore -srckeystore "C:\solr-6.6.2\server\etc\solr-ssl.keystore.jks" -srcstoretype JKS -srcstorepass secret -destkeystore "C:\solr-6.6.2\server\etc\solr-ssl.keystore.pfx" -deststoretype PKCS12 -deststorepass secret
    • here are directions on Adding certificates to the Trusted Root Certification Authorities store for a local computer.
  5. Setup SOLR to run as Windows Service

    • I will want to start it as a Windows service so I don’t have to turn it on/off when I need to interact with the SOLR indexes. We want to work smarter, not harder so we will setup the Windows service using the NSSM (Non-Sucking Service Manager) to help us with this task. I will download the “prerelease build 2.2.4-101” because I am using Windows 10 and had a previous issue where the service would fail to start using other NSSM versions. You can try the latest version but if it fails to start the service, try the prerelease version I mentioned.
    • Once I download the .zip file, I extract it, and rename it from “nssm-2.24-101-g897c7ad” to “nssm” and cut/copy the files into the “C:\Program Files” folder. I renamed because it will make it easier to start the program, which I will show you now.
    • Open a command prompt as an Administrator
    • Navigate to C:\Program Files\nssm\win64

      nssm Install solr6
    • This will bring up the NSSM Service Editor dialog box. In the Application tab, for the Path field I navigate to my solr script located here (C:\solr-6.6.2\bin\solr.cmd), which once selected will fill in the Startup Directory by default, which for me is (C:\solr-6.6.2\bin). For the Arguments, I put in the following:
      start -f -p 8983
    • In Details tab input Display Name, Description and at bottom add your friendly Service name “SOLR662′
    • Click on Install Service
  6. Starting Solr Windows Service

    1. Go to Services
    2. Search for Name “SOLR662” in my case
    3. Click on start.
  7. Make sure that the SOLR dashboard pulls up in your Internet browser by browsing to https://localhost:8983/solr. If the SOLR administration panel is available then you are now done with this.

Published by Deepen

Sitecore Certified .Net Developer

One thought on “Sitecore 9.0 Update-1 Setting up Solr with SSL

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: