[ https://issues.apache.org/jira/browse/SOLR-8343?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17203958#comment-17203958 ]
Andras Salamon commented on SOLR-8343: -------------------------------------- I'm testing Solr 8.4.1 + Zookeeper 3.5.5 with SSL and {{zkcli.sh}} was working after I set the following: {noformat} export ZKCLI_JVM_FLAGS="-Dzookeeper.client.secure=true -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty -Dzookeeper.ssl.keyStore.location=/path/to/keystore.jks -Dzookeeper.ssl.keyStore.password=REDACTED -Dzookeeper.ssl.trustStore.location=/path/to/truststore.jks -Dzookeeper.ssl.trustStore.password=REDACTED"{noformat} The command: {noformat} zkcli.sh -zkhost <FQDN>:2182/solr -cmd getfile /solr.xml /tmp/solr.xml{noformat} 2182 is the secure port of our Zookeeper (2181 is the unsecure). I had to use FQDN in zkhost, localhost is not working with SSL. What does "native support" mean in this Jira description? There is a commented out section for ZK ACL settings? Should we add an other commented out section to help the usage? Or some new environment variables could be used here to setup ZKCLI_JVM_FLAGS? > zkcli.sh support for SSL enabled ZK communication > ------------------------------------------------- > > Key: SOLR-8343 > URL: https://issues.apache.org/jira/browse/SOLR-8343 > Project: Solr > Issue Type: Sub-task > Components: scripts and tools > Reporter: Jan Høydahl > Priority: Major > > If communicating with a secured ZooKeeper, {{zkcli.sh}} script should have > native support for specifying the needed configurations, ref > https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org