Posted to solr-user@lucene.apache.org by Matt Wise <ma...@nextdoor.com> on 2012/06/28 00:03:51 UTC

SSL Client Cert Keystore for Solr Replication config?

Our Solr master server protects access to itself by requiring that the clients provide a signed SSL client cert from the same CA as the Solr server itself. This is all handled within an Nginx reverse-proxy that's on the Solr server itself.

This works great for clients... not so great for replication. We want to do replication access control the same way... but I have no idea how to get Tomcat/Solr to use a particular keypair when making outbound HTTPS requests to https://master/solr/replication. Any ideas?


Re: SSL Client Cert Keystore for Solr Replication config?

Posted by Lance Norskog <go...@gmail.com>.
I believe this is what the Java 'keystore' is for. You give a Java VM
start option for the keyring file, and from then on outgoing sockets
use the certs for the target clients.

http://www.startux.de/index.php/java/44-dealing-with-java-keystoresyvComment44

http://www.lazgosoftware.com/kse/index.html

On Wed, Jun 27, 2012 at 3:03 PM, Matt Wise <ma...@nextdoor.com> wrote:
> Our Solr master server protects access to itself by requiring that the clients provide a signed SSL client cert from the same CA as the Solr server itself. This is all handled within an Nginx reverse-proxy that's on the Solr server itself.
>
> This works great for clients... not so great for replication. We want to do replication access control the same way... but I have no idea how to get Tomcat/Solr to use a particular keypair when making outbound HTTPS requests to https://master/solr/replication. Any ideas?
>



-- 
Lance Norskog
goksron@gmail.com
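
An added example, not part of the original thread: the JVM start options the reply refers to are the standard JSSE system properties `-Djavax.net.ssl.keyStore=<path>` and `-Djavax.net.ssl.keyStorePassword=<password>`, which the JVM's default SSL socket factory reads for client authentication. The check below (hypothetical class name `CheckClientKeystore`) confirms that a keystore really holds a private key and certificate chain before it is wired into Tomcat; that Solr's replication client goes through the JVM default SSL context is an assumption here.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example: verifies that a keystore contains a usable client identity
// (private key + certificate chain) for outbound client-cert TLS.
// Usage: java CheckClientKeystore <keystore-path> <password> [JKS|PKCS12]
public class CheckClientKeystore {
    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: CheckClientKeystore <path> <password> [type]");
            System.exit(2);
        }
        char[] password = args[1].toCharArray();
        String type = args.length > 2 ? args[2] : KeyStore.getDefaultType();
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password); // fails on a wrong password or corrupt store
        }
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.getCertificateChain(alias);
            if (!ks.isKeyEntry(alias) || chain == null || chain.length == 0) {
                // A certificate-only entry can be trusted but cannot authenticate a client.
                System.out.println(alias + ": no private key with certificate chain, skipped");
                continue;
            }
            // The default JSSE key manager unlocks keys with the store password,
            // so the key password must match it; this call throws if it does not.
            ks.getKey(alias, password);
            X509Certificate leaf = (X509Certificate) chain[0];
            leaf.checkValidity(); // throws if expired or not yet valid
            System.out.println(alias + ": subject=" + leaf.getSubjectX500Principal()
                    + ", issuer=" + leaf.getIssuerX500Principal()
                    + ", chain length=" + chain.length
                    + ", expires=" + leaf.getNotAfter());
            usable++;
        }
        if (usable == 0) {
            System.err.println("No private-key entry: the JVM would present no client certificate.");
            System.exit(1);
        }
    }
}
```

The issuer printed for the key entry should be the CA that the Nginx proxy is configured to accept for client certificates.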