Sitecore 9 – set up SOLR SSL step by step

I’ve noticed that many people have many issues with set up of SSL for SOLR instance. In this blog post you will find everything what you need to know to do this. Just follow all steps which you will find below.

  1. Download SOLR 6.2.2
    If you want to install SOLR on Windows get zip file from following page: http://ftp.ps.pl/pub/apache/lucene/solr/6.6.2/
    then extract files into (you can choose different directory if you want).

    C:\solr\solr-6.6.2
  2. Download Not Sucking Service Manager and install Solr as a service
    You will find zip here: https://nssm.cc/download – just extract it somewhere and go to this path in your PowerShell window. Then call

    .\nssm.exe install NameOfSolrService

    and you will see new window with some settings. Set there following values:

    - Path: C:\solr\solr-6.6.2\bin\solr.cmd
    
    - Startup Directory: C:\solr\solr-6.6.2\bin
    
    - Arguments: start -p 662 -f -v

    After form submission you should see new service on the list of services (Windows > Run > Services) . If your service is not running – just run it from services windows – it will start automatically after restart.
    We have chosen port 662 so our SOLR instance currently will be available under url http://localhost:662/solr/

  3. Generate SOLR Certificates
    We use approach from this website https://lucene.apache.org/solr/guide/6_6/enabling-ssl.html#EnablingSSL-BasicSSLSetup
    At the beginning you should check if you have JRE installed – if not install it and then in the path

    C:\Program Files (x86)\Java\jre1.8.0_141\bin\keytool.exe

    you will find keytool.exe which will generate certificates for you (you might have different path – depends on version of JRE).
    Then open again PowerShell and enter into SOLR directory

    C:\solr\solr-6.6.2\server\etc

    and run following command

    & 'C:\Program Files (x86)\Java\jre1.8.0_141\bin\keytool.exe' -genkeypair -alias solr-ssl -keyalg RSA -keysize 2048 -keypass secret -storepass secret -validity 9999 -keystore solr-ssl.keystore.jks -ext SAN=DNS:localhost,IP:127.0.0.1 -dname "CN=localhost, OU=Organizational Unit, O=Organization, L=Location, ST=State, C=Country"

    You should notice that we have got there keypass equal to “secret” which can be changed on local, and should be changed on other environments.
    Then we need to convert key to PEM format with command:

    & 'C:\Program Files (x86)\Java\jre1.8.0_141\bin\keytool.exe' -importkeystore -srckeystore solr-ssl.keystore.jks -destkeystore solr-ssl.keystore.p12 -srcstoretype jks -deststoretype pkcs12

    You will be asked few times for password – use “secret” or your own.
    Then we need to convert generated key for next format with OpenSSL – download OpenSSL from here https://indy.fulgan.com/SSL/openssl-0.9.8r-x64_86-win64-rev2.zip and extract into

    C:\Program Files (x86)\OpenSSL

    and run command:

    & 'C:\Program Files (x86)\OpenSSL\openssl.exe' pkcs12 -in solr-ssl.keystore.p12 -out solr-ssl.pem
  4. Import certificate to the trusted certificates
    Opem “Windows > Run > mmc” and manage certificates. Import created certificate to the list of trusted ones.
  5. Change SOLR settings
    In final step you need to change yours configuration for SOLR. Open SOLR server directory

    C:\solr\solr-6.6.2\bin

    and open to edit of solr.in.cmd file. Then add at the end following settings:

    set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks
    
    set SOLR_SSL_KEY_STORE_PASSWORD=secret
    
    set SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jks
    
    set SOLR_SSL_TRUST_STORE_PASSWORD=secret
    
    REM Require clients to authenticate
    
    set SOLR_SSL_NEED_CLIENT_AUTH=false
    
    REM Enable clients to authenticate (but not require)
    
    set SOLR_SSL_WANT_CLIENT_AUTH=false
  6. Test
    To test if it works you need to restart yours SOLR service. After restart SOLR will not longer work with http protocol – so you need to go into “https://localhost:662/solr” to check how your SSL works.

And now you are ready to install Sitecore 9 and xConnect. Have a good fun with it!

Sitecore with Solr – required configuration

In this post I will provide you some information about configuration of your Sitecore for work with Solr server.

Probably everyone who faced with that task, found the most popular and really good guide from sitecore-community.github.io (click).

But there is a one more thing which should be made. About this additional configuration I will write today.

We have to configure our Inversion of Control containers.

When we want to use Sitecore with Solr we have to configure at lease two inversion of control containers to work parallel. (Autofac and Windsor).

So lets do it!

Open your Global.asax.cs file and check your MvcApplication class definition – it should extend a WindsorApplication. So code will look in the following way:

public class MvcApplication : WindsorApplication

Ok, the next step is initialization code for your containers. This code should looks like:

public override void Application_Start()
        {            
            this.Container = (IWindsorContainer)new WindsorContainer();
            new WindsorSolrStartUp(this.Container).Initialize();
            RouteConfig.RegisterRoutes(RouteTable.Routes);
 
            AutofacConfig.RegisterConfiguration();
        }

When you have your application configured in this way you may be sure that Sitecore tools (like administration panel) and communication with Solr server will work properly.

Well and the last but not least thing – check your Global.asax file – code inside it should look like:

<%@ Application Codebehind="Global.asax.cs" Inherits="<PROJECT_NAMESPACE>.MvcApplication" Language="C#" %>​

If you have any questions or problems, do not hesitate to ask or comment bellow the post.