![]() |
If a certificate-only file is not available, you can optionally generate one from the certificate and key file:
1. Convert the JKS keystore into PKCS12 format using the keytool utility:
keytool -importkeystore -srckeystore solr-ssl.keystore.jks -destkeystore solr-ssl.keystore.p12 -srcstoretype jks -deststoretype pkcs12
2. Convert the PKCS12 formatted keystore, including only the certificate and not the key, into PEM format using the openssl command:
openssl pkcs12 -nokeys -in solr-ssl.keystore.p12 -out solr-ssl.cacert.pem
3. If trust store and key store is in PKCS12 format then use the p12 file by setting SOLR_SSL_KEY_STORE and SOLR_SSL_TRUST_STORE with the path of p12 file.
4. If trust store and key store is in JKS format then use the jks file by setting SOLR_SSL_KEY_STORE and SOLR_SSL_TRUST_STORE with the path of jks file and also set SOLR_SSL_KEY_STORE_TYPE and SOLR_SSL_TRUST_STORE_TYPE as JKS.
![]() |
Starting from Solr 9.0.0, if Windchill is configured with SSL, then Solr should be configured with SSL.
Solr Server
Keystore Files to Import
Sample Import Command
Import keystore files of SolrServerB and SolrServerC.
keytool -importkeystore -srckeystore SolrServerB.jks -destkeystore SolrServerA.jks -srcstoretype JKS -deststoretype JKS
keytool -importkeystore -srckeystore SolrServerC.jks -destkeystore SolrServerA.jks -srcstoretype JKS -deststoretype JKS
Import keystore files of SolrServerA and SolrServerC.
keytool -importkeystore -srckeystore SolrServerA.jks -destkeystore SolrServerB.jks -srcstoretype JKS -deststoretype JKS
keytool -importkeystore -srckeystore SolrServerC.jks -destkeystore SolrServerB.jks -srcstoretype JKS -deststoretype JKS
Import keystore files of SolrServerA and SolrServerB.
keytool -importkeystore -srckeystore SolrServerA.jks -destkeystore SolrServerC.jks -srcstoretype JKS -deststoretype JKS
keytool -importkeystore -srckeystore SolrServerB.jks -destkeystore SolrServerC.jks -srcstoretype JKS -deststoretype JKS
![]() |
The urlScheme command should be executed whenever the Zookeeper nodes are restarted.
![]() |
Out of the box, Solr does not include any configuration for cipher suite, and it uses the default cipher suites provided by Jetty. For more information, see the applicable Jetty : The Definitive Reference (eclipse.dev). It is recommended to reference your internal security requirements and security policies for guidelines on use of secure cipher suites.