[ https://issues.apache.org/jira/browse/SOLR-10025?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kevin Risden closed SOLR-10025. ------------------------------- Resolution: Duplicate Looks like 6.4 is affected by this and it is a duplicate of SOLR-8491. I can address it with a patch in SOLR-8491 > SOLR_SSL_OPTS are ignored in bin\solr.cmd > ----------------------------------------- > > Key: SOLR-10025 > URL: https://issues.apache.org/jira/browse/SOLR-10025 > Project: Solr > Issue Type: Bug > Security Level: Public(Default Security Level. Issues are Public) > Affects Versions: 6.3 > Reporter: Andy Hind > > SSL config fails on windows. > Requires fixes for late binding. > See !SOLR_SSL_OPTS! below > {code} > REM Select HTTP OR HTTPS related configurations > set SOLR_URL_SCHEME=http > set "SOLR_JETTY_CONFIG=--module=http" > set "SOLR_SSL_OPTS= " > IF DEFINED SOLR_SSL_KEY_STORE ( > set "SOLR_JETTY_CONFIG=--module=https" > set SOLR_URL_SCHEME=https > set "SCRIPT_ERROR=Solr server directory %SOLR_SERVER_DIR% not found!" > set "SOLR_SSL_OPTS=-Dsolr.jetty.keystore=%SOLR_SSL_KEY_STORE% > -Dsolr.jetty.keystore.password=%SOLR_SSL_KEY_STORE_PASSWORD% > -Dsolr.jetty.truststore=%SOLR_SSL_TRUST_STORE% > -Dsolr.jetty.truststore.password=%SOLR_SSL_TRUST_STORE_PASSWORD% > -Dsolr.jetty.ssl.needClientAuth=%SOLR_SSL_NEED_CLIENT_AUTH% > -Dsolr.jetty.ssl.wantClientAuth=%SOLR_SSL_WANT_CLIENT_AUTH%" > IF DEFINED SOLR_SSL_CLIENT_KEY_STORE ( > set "SOLR_SSL_OPTS=!SOLR_SSL_OPTS! > -Djavax.net.ssl.keyStore=%SOLR_SSL_CLIENT_KEY_STORE% > -Djavax.net.ssl.keyStorePassword=%SOLR_SSL_CLIENT_KEY_STORE_PASSWORD% > -Djavax.net.ssl.trustStore=%SOLR_SSL_CLIENT_TRUST_STORE% > -Djavax.net.ssl.trustStorePassword=%SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD%" > ) ELSE ( > set "SOLR_SSL_OPTS=!SOLR_SSL_OPTS! > -Djavax.net.ssl.keyStore=%SOLR_SSL_KEY_STORE% > -Djavax.net.ssl.keyStorePassword=%SOLR_SSL_KEY_STORE_PASSWORD% > -Djavax.net.ssl.trustStore=%SOLR_SSL_TRUST_STORE% > -Djavax.net.ssl.trustStorePassword=%SOLR_SSL_TRUST_STORE_PASSWORD%" > ) > ) ELSE ( > set SOLR_SSL_OPTS= > ) > {code} > We also use a non default keystore type and have to disable perr name > chekcking: > {code} > -a "......... -Djavax.net.ssl.keyStoreType=JCEKS > -Djavax.net.ssl.trustStoreType=JCEKS -Dsolr.ssl.checkPeerName=false" > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org