08-10-2022 01:47 AM
Overview
In this post I will be highlighting steps to set up Solr with mutual TLS.
Prerequisites
export JAVA_TOOL_OPTIONS="-Dencryption.keystore.type=JCEKS -Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding
-Dencryption.keyAlgorithm=DESede -Dencryption.keystore.location=/opt/alfresco-content-service7.2/alf_data/keystore/keystore
-Dmetadata-keystore.password=mp6yc0UD9e -Dmetadata-keystore.aliases=metadata -Dmetadata-keystore.metadata.password=oKIWzVdEdA
-Dmetadata-keystore.metadata.algorithm=DESede"
Install Search Services with mutual TLS
SOLR_SSL_KEY_STORE=/opt/alfresco-content-service7.2/alfresco-search-services/solrhome/keystore/ssl.repo.client.keystore
SOLR_SSL_KEY_STORE_PASSWORD=PASSWORD-CHANGEME
SOLR_SSL_KEY_STORE_TYPE=JCEKS
SOLR_SSL_TRUST_STORE=/opt/alfresco-content-service7.2/alfresco-search-services/solrhome/keystore/ssl.repo.client.truststore
SOLR_SSL_TRUST_STORE_PASSWORD=PASSWORD-CHANGEME
SOLR_SSL_TRUST_STORE_TYPE=JCEKS
SOLR_SSL_NEED_CLIENT_AUTH=true
SOLR_SSL_WANT_CLIENT_AUTH=false
SOLR_PORT=8983
SOLR_SOLR_HOST=localhost
SOLR_ALFRESCO_HOST=localhost
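An added example, not part of the original post: a preflight check for the keystore, truststore and client-authentication settings listed above, to run before starting Solr. It assumes the settings are kept as KEY=value lines in a file such as solr.in.sh; the function names and the sample file are constructed for illustration.

```shell
# Added example (not from the original post). Assumes the SOLR_SSL_* settings
# are KEY=value lines in a file such as solr.in.sh; function names are made up.

# Print the raw text after "KEY=" from the last matching line of FILE.
get_setting() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

# Print one line per problem; the return status is the number of problems.
check_mtls_settings() {
    file=$1; problems=0
    for key in SOLR_SSL_KEY_STORE SOLR_SSL_TRUST_STORE; do
        path=$(get_setting "$file" "$key")
        if [ ! -r "$path" ]; then   # also true when the setting is absent
            echo "$key: '$path' is missing or unreadable"
            problems=$((problems + 1))
        fi
    done
    for key in SOLR_SSL_KEY_STORE_PASSWORD SOLR_SSL_TRUST_STORE_PASSWORD; do
        value=$(get_setting "$file" "$key")
        case $value in
            "")         msg="is empty" ;;
            " "*)       msg="has a space after '=' (sourcing the file would not set it)" ;;
            *CHANGEME*) msg="is still the placeholder" ;;
            *)          continue ;;
        esac
        echo "$key $msg"
        problems=$((problems + 1))
    done
    if [ "$(get_setting "$file" SOLR_SSL_NEED_CLIENT_AUTH)" != "true" ]; then
        echo "SOLR_SSL_NEED_CLIENT_AUTH is not 'true': client certificates are not required"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: keystore present, truststore absent, placeholder
# password, a space after '=', and client authentication not enforced.
demo_dir=$(mktemp -d)
: > "$demo_dir/ssl.repo.client.keystore"
cat > "$demo_dir/solr.in.sh" <<EOF
SOLR_SSL_KEY_STORE=$demo_dir/ssl.repo.client.keystore
SOLR_SSL_KEY_STORE_PASSWORD=PASSWORD-CHANGEME
SOLR_SSL_TRUST_STORE=$demo_dir/ssl.repo.client.truststore
SOLR_SSL_TRUST_STORE_PASSWORD= PASSWORD-CHANGEME
SOLR_SSL_NEED_CLIENT_AUTH=false
EOF
check_mtls_settings "$demo_dir/solr.in.sh" || echo "problems found: $?"
```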
alfresco-search-services/solrhome/alfresco/solrcore.properties
alfresco-search-services/solrhome/archive/solrcore.properties
./solr/bin/solr start -a "-Dcreate.alfresco.defaults=alfresco,archive
-Dsolr.ssl.checkPeerName=false -Dsolr.allow.unsafe.resourceloading=true
-Dssl-keystore.password=PASSWORD -Dssl-keystore.aliases=ssl-alfresco-ca,ssl-repo-client
-Dssl-keystore.ssl-alfresco-ca.password=PASSWORD -Dssl-keystore.ssl-repo-client.password=PASSWORD
-Dssl-truststore.password=PASSWORD -Dssl-truststore.aliases=ssl-alfresco-ca,ssl-repo,ssl-repo-client
-Dssl-truststore.ssl-alfresco-ca.password=PASSWORD -Dssl-truststore.ssl-repo.password=PASSWORD
-Dssl-truststore.ssl-repo-client.password=PASSWORD" -f
Caused by: java.io.FileNotFoundException: Caused by Can't find resource 'ssl.repo.client.keystore' in classpath or '/opt/alfresco-content-service7.2/alfresco-search-services/solrhome/alfresco'
./solr/bin/solr start -a "-Dsolr.ssl.checkPeerName=false -Dsolr.allow.unsafe.resourceloading=true -Dssl-keystore.password=PASSWORD -Dssl-keystore.aliases=ssl-alfresco-ca,ssl-repo-client -Dssl-keystore.ssl-alfresco-ca.password=PASSWORD -Dssl-keystore.ssl-repo-client.password=PASSWORD -Dssl-truststore.password=PASSWORD -Dssl-truststore.aliases=ssl-alfresco-ca,ssl-repo,ssl-repo-client -Dssl-truststore.ssl-alfresco-ca.password=PASSWORD -Dssl-truststore.ssl-repo.password=PASSWORD -Dssl-truststore.ssl-repo-client.password=PASSWORD" -f
index.subsystem.name=solr6
solr.secureComms=https
solr.port=8983
solr.port.ssl=8983
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" keystoreFile="/opt/alfresco-content-service7.2/alf_data/keystore/ssl.keystore" keystorePass="kT9X6oe68t" keystoreType="JCEKS" secure="true" connectionTimeout="240000" truststoreFile="/opt/alfresco-content-service7.2/alf_data/keystore/ssl.truststore" truststorePass="kT9X6oe68t" truststoreType="JCEKS" clientAuth="want" sslProtocol="TLS" />
export JAVA_TOOL_OPTIONS="-Dencryption.keystore.type=JCEKS -Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding -Dencryption.keyAlgorithm=DESede
-Dencryption.keystore.location=/opt/alfresco-content-service7.2/alf_data/keystore/keystore
-Dmetadata-keystore.password=mp6yc0UD9e -Dmetadata-keystore.aliases=metadata -Dmetadata-keystore.metadata.password=oKIWzVdEdA
-Dmetadata-keystore.metadata.algorithm=DESede
-Dssl-keystore.password=PASSWORD"
Once all the above steps have been performed, indexes will be created in Search Services and you will be able to search through ACS.