Our Solr master server protects access to itself by requiring that the clients provide a signed SSL client cert from the same CA as the Solr server itself. This is all handled within an Nginx reverse-proxy thats on the Solr server itself.
This works great for clients... not so great for replication. We want to do replication access control the same way... but I have no idea how to get Tomcat/Solr to use a particular keypair when making outbound HTTPS requests to https://master/solr/replication. Any ideas?