[ https://issues.apache.org/jira/browse/SOLR-4839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14510329#comment-14510329 ]
Steve Davids commented on SOLR-4839: ------------------------------------ Looks good, though we might want to think about *not* reusing the javax.net.ssl.* for the jetty key/trust store configuration. I could think of a few cases where you might want to make the two different, ie one value for the client request and one value for the jetty connector, unless of course the recommendation is to only use self-signed certs for both client and server. Though, maybe the solr.in.sh could have something like: {code} SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks SOLR_SSL_KEY_STORE_PASSWORD=secret SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jks SOLR_SSL_TRUST_STORE_PASSWORD=secret #### OVERRIDE PREVIOUSLY DEFINED SSL VALUES FOR HTTP CLIENT IF NECESSARY ###### #SOLR_SSL_CLIENT_KEY_STORE= #SOLR_SSL_CLIENT_KEY_STORE_PASSWORD= #SOLR_SSL_CLIENT_TRUST_STORE= #SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD= {code} Then the solr startup script can set the javax.net.ssl.* system properties for the client side + create something like jetty.ssl.truststore/keystore/etc on the jetty server side. This would allow a little bit more flexibility for people who might want to use a different certificate or trust store between the http client and server, though this really is getting more on a fringe use case. > Jetty 9 > ------- > > Key: SOLR-4839 > URL: https://issues.apache.org/jira/browse/SOLR-4839 > Project: Solr > Issue Type: Improvement > Reporter: Bill Bell > Assignee: Shalin Shekhar Mangar > Fix For: Trunk, 5.2 > > Attachments: SOLR-4839-conform-jetty9_2_10.patch, > SOLR-4839-conform-jetty9_2_10.patch, SOLR-4839-fix-eclipse.patch, > SOLR-4839-jetty9.2.10, SOLR-4839-mod-JettySolrRunner.patch, > SOLR-4839-ssl-support_patch.patch, SOLR-4839-ssl-support_patch.patch, > SOLR-4839.patch, SOLR-4839.patch, SOLR-4839.patch, SOLR-4839.patch, > SOLR-4839.patch, SOLR-4839.patch, SOLR-4839.patch, SOLR-4839.patch, > SOLR-4839.patch > > > Implement Jetty 9 -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org