Thursday, 29 October 2020

Alfresco solr keystore generation and https communication

This post covers how to establish HTTPS communication between an existing Alfresco server and a Solr server.

Steps performed on a local environment (Windows)

Configuration was done with Alfresco Content Services 6.2.2 and Alfresco Insight Engine.

  • 1) Stop the Alfresco and Solr servers.
  • 2) Go to the directory where the alfresco-ssl-generator-master zip is placed (you can find its Git project and download it).
  • 3) Unzip alfresco-ssl-generator-master.zip.
  • 4) After unzipping, go to the folder alfresco-ssl-generator-master/ssl-tool-win and run the run.bat file. NOTE: On Linux, go to alfresco-ssl-generator-master/ssl-tool instead and run the run.sh file with the ./run.sh command.
  • 5) The files will be extracted at the same location.
  • 6) Go to alfresco-ssl-generator-master/ssl-tool-win/keystores/. You will find alfresco, client, solr and zeppelin folders.
  • 7) Go to the alfresco folder. Copy all files from it to Alfresco's keystore directory (alfresco6.2.2\keystore on Windows). On the dev (Linux) environment, run the command below:

a.       cp * /app/alfresco/keystore/    (this is the path where the Alfresco keystores will live)

  • 8) Go to the solr folder. Copy all files from it to Solr's keystore. On the dev (Linux) environment, run the commands below:

a.       cp * /app/alfresco-insight-engine/solrhome/alfresco/conf/

b.       chmod 777 ssl-repo-client*

c.       cp * /app/alfresco-insight-engine/solrhome/archive/conf/

d.       chmod 777 ssl-repo-client*

e.       cp * /app/alfresco-insight-engine/solrhome/templates/rerank/conf/

f.        chmod 777 ssl-repo-client*

g.       cp * /app/alfresco-insight-engine/solrhome/templates/noRerank/conf/

h.       chmod 777 ssl-repo-client*

  • 9) Go to /app/alfresco/apache-tomcat-8.5.43/shared/classes/

a.       Edit alfresco-global.properties

b.       Set/Update the following properties:

    dir.keystore=${dir.root}/keystore
    solr.secureComms=https
    solr.port=8983
    alfresco.port=8443
    alfresco.protocol=https
    share.port=8443
    share.protocol=https

  • 10) Go to apache-tomcat-8.5.43/conf

a.       Edit server.xml

b.       Add the following section:

    <Connector port="8443"
               protocol="org.apache.coyote.http11.Http11AprProtocol"
               sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
               maxThreads="150"
               SSLEnabled="true">
        <SSLHostConfig certificateVerification="none"
                       truststoreFile="<FULL_PATH_TO_KEYSTORE_FILES>\\ssl.truststore"
                       truststorePassword="truststore"
                       truststoreType="JCEKS">
            <Certificate certificateKeystoreFile="<FULL_PATH_TO_KEYSTORE_FILES>\\ssl.keystore"
                         certificateKeystorePassword="keystore"
                         certificateKeystoreType="JCEKS" />
        </SSLHostConfig>
    </Connector>

  • 11) Go to \alfresco-insight-engine\solr\bin (NOTE: try to run Solr from the C drive, or from a drive where executables have full permissions and are not restricted from running)

a.       Edit solr.in.bat (on Linux, it will be solr.in.sh)

b.       Add the following properties:

    set SOLR_PORT=8983

    set SOLR_SOLR_HOST=localhost
    set SOLR_ALFRESCO_HOST=localhost

    set SOLR_SSL_KEY_STORE=<SOLR_HOME_FULLPATH>\\keystore\\ssl.repo.client.keystore
    set SOLR_SSL_KEY_STORE_PASSWORD=keystore
    set SOLR_SSL_KEY_STORE_TYPE=JCEKS
    set SOLR_SSL_TRUST_STORE=<SOLR_HOME_FULLPATH>\\keystore\\ssl.repo.client.truststore
    set SOLR_SSL_TRUST_STORE_PASSWORD=truststore
    set SOLR_SSL_TRUST_STORE_TYPE=JCEKS
    set SOLR_SSL_NEED_CLIENT_AUTH=true
    set SOLR_SSL_WANT_CLIENT_AUTH=false

  • 12) Go to \alfresco-insight-engine\solrhome\alfresco\conf\

a.       Edit solrcore.properties

b.       Add/Verify or Change the following properties:

    alfresco.encryption.ssl.truststore.location=ssl.repo.client.truststore
    data.dir.root=<SOLR_HOME_FULLPATH>\\
    alfresco.encryption.ssl.keystore.provider=
    alfresco.encryption.ssl.keystore.location=ssl.repo.client.keystore
    alfresco.encryption.ssl.truststore.provider=
    alfresco.port.ssl=8443
    alfresco.encryption.ssl.truststore.passwordFileLocation=ssl-truststore-passwords.properties
    alfresco.port=8443
    alfresco.secureComms=https
    alfresco.encryption.ssl.keystore.passwordFileLocation=ssl-keystore-passwords.properties

  • 13) Go to \alfresco-insight-engine\solrhome\archive\conf\

a.       Edit solrcore.properties

b.       Add/Verify or Change the following properties:

    alfresco.encryption.ssl.truststore.location=ssl.repo.client.truststore
    data.dir.root=<SOLR_HOME_FULLPATH>\\
    alfresco.encryption.ssl.keystore.provider=
    alfresco.encryption.ssl.keystore.location=ssl.repo.client.keystore
    alfresco.encryption.ssl.truststore.provider=
    alfresco.port.ssl=8443
    alfresco.encryption.ssl.truststore.passwordFileLocation=ssl-truststore-passwords.properties
    alfresco.port=8443
    alfresco.secureComms=https
    alfresco.encryption.ssl.keystore.passwordFileLocation=ssl-keystore-passwords.properties

  • 14) Go to \alfresco-insight-engine\solrhome\templates\rerank\conf\

a.       Edit solrcore.properties

b.       Add/verify or change the following properties:

    alfresco.port=8443
    alfresco.port.ssl=8443
    alfresco.secureComms=https
    alfresco.encryption.ssl.keystore.provider=
    alfresco.encryption.ssl.keystore.location=ssl.repo.client.keystore
    alfresco.encryption.ssl.keystore.passwordFileLocation=ssl-keystore-passwords.properties
    alfresco.encryption.ssl.truststore.provider=
    alfresco.encryption.ssl.truststore.location=ssl.repo.client.truststore
    alfresco.encryption.ssl.truststore.passwordFileLocation=ssl-truststore-passwords.properties

  • 15) Go to \alfresco-insight-engine\solrhome\templates\noRerank\conf\

a.       Edit solrcore.properties

b.       Add/verify or change the following properties:

    alfresco.port=8443
    alfresco.port.ssl=8443
    alfresco.secureComms=https
    alfresco.encryption.ssl.keystore.provider=
    alfresco.encryption.ssl.keystore.location=ssl.repo.client.keystore
    alfresco.encryption.ssl.keystore.passwordFileLocation=ssl-keystore-passwords.properties
    alfresco.encryption.ssl.truststore.provider=
    alfresco.encryption.ssl.truststore.location=ssl.repo.client.truststore
    alfresco.encryption.ssl.truststore.passwordFileLocation=ssl-truststore-passwords.properties

  • 16) Go to \alfresco-insight-engine\solr\bin and start Solr:

a.       solr start  (if you are starting Solr for the first time and the Solr cores are yet to be created, refer to the reference link below)

b.       It should run successfully on port 8983 and be accessible from a browser over https.

c.       For the certificate, import the browser.p12 certificate (located at alfresco-ssl-generator-master\ssl-tool-win\keystores\client) into your browser.

  • 17) If Solr starts successfully and is accessible on port 8983 over https, go ahead and start Alfresco. Go to alfresco6.2.2\apache-tomcat-8.5.43\bin

a.       startup.bat

b.       After Alfresco starts, it should be accessible over https in the browser on port 8443.
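
A check for the Solr side of the procedure above, as an added example that is not part of the original post: it audits one core conf directory for the https settings from steps 12 to 15, for the store and password files those settings reference, and for world-writable files such as chmod 777 produces. The sample directory is constructed, and the function names prop, audit_core and make_sample are assumptions of this example.

```shell
# Added example (not from the original post): audit one Solr core conf directory.
# Print the value of a key from a .properties file (last occurrence wins).
prop() {
    awk -F= -v k="$1" '{ sub(/\r$/, "") } $1 == k { sub(/^[^=]*=/, ""); v = $0 }
                       END { print v }' "$2"
}

# Print one finding per line; return 0 only when the directory is clean.
audit_core() {
    conf=$1; props="$conf/solrcore.properties"; findings=0
    [ -f "$props" ] || { echo "MISSING $props"; return 1; }
    # The core must talk to the repository over https on the SSL connector port.
    [ "$(prop alfresco.secureComms "$props")" = "https" ] ||
        { echo "CONFIG alfresco.secureComms is not https"; findings=$((findings + 1)); }
    [ "$(prop alfresco.port.ssl "$props")" = "8443" ] ||
        { echo "CONFIG alfresco.port.ssl is not 8443"; findings=$((findings + 1)); }
    # Every store and password file the core references must sit beside it.
    for key in keystore.location truststore.location \
               keystore.passwordFileLocation truststore.passwordFileLocation; do
        name=$(prop "alfresco.encryption.ssl.$key" "$props")
        { [ -n "$name" ] && [ -f "$conf/$name" ]; } ||
            { echo "MISSING file for $key: '$name'"; findings=$((findings + 1)); }
    done
    # Key material writable by any local user (the result of chmod 777).
    ww=$(find "$conf" -maxdepth 1 -type f -perm -0002 | sed 's/^/PERMS world-writable: /')
    [ -z "$ww" ] || { echo "$ww"; findings=$((findings + 1)); }
    [ "$findings" -eq 0 ]
}

# Constructed sample: a conf directory with the properties from step 12.
make_sample() {
    cat > "$1/solrcore.properties" <<'EOF'
alfresco.secureComms=https
alfresco.port.ssl=8443
alfresco.encryption.ssl.keystore.location=ssl.repo.client.keystore
alfresco.encryption.ssl.truststore.location=ssl.repo.client.truststore
alfresco.encryption.ssl.keystore.passwordFileLocation=ssl-keystore-passwords.properties
alfresco.encryption.ssl.truststore.passwordFileLocation=ssl-truststore-passwords.properties
EOF
    for f in ssl.repo.client.keystore ssl.repo.client.truststore \
             ssl-keystore-passwords.properties ssl-truststore-passwords.properties; do
        : > "$1/$f"   # empty placeholder files, constructed for this example
    done
    chmod 600 "$1"/*
    chmod 777 "$1/ssl.repo.client.keystore"   # one file left as chmod 777 would leave it
}

SAMPLE=$(mktemp -d) && make_sample "$SAMPLE"
audit_core "$SAMPLE" || echo "audit reported findings for $SAMPLE"
```

Run audit_core against each of the four conf directories (alfresco, archive, templates/rerank and templates/noRerank) before starting Solr in step 16.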

 

Reference: https://docs.alfresco.com/search-enterprise/tasks/solr-install.html