How to Install Solr with SSL on Windows 10

If you are Sitecore developer implementing Solr as a Search provider for Sitecore 9, you are required to have all communications between Sitecore and Solr to be secure. (It’s not a bad idea to secure earlier versions as well). The following is a quick guide to enabling SSL on Solr in a Windows 10 development environment.

1. Make sure a JRE is installed in your computer

2. Open a PowerShell window

3. Create a self-signed certificate using the following command:

   New-SelfSignedCertificate -CertStoreLocation cert:\LocalMachine\My -DnsName "localhost", "127.0.0.1" -FriendlyName "SolrCert" -NotAfter (Get-Date).AddYears(10)

4. Open the MMC, and add the Certificates - Local Computer console (or in Windows 10, search in Cortana for "Manage computer certificates" and open it)

5. Open the Personal → Codeertificates node on the left pane, and right click on the newly created certificate.

6. Copy the certificate to Trusted Root Certification Authorities/Certificates

7. On the pop-up menu, select All Tasks → Export...:

   1. On the second wizard screen, select "Yes, export the private key" and click Next.

   2. Make sure only the "Include ll certificates in the certification path if possible" option is selected, and click Next.

   3. Check the "Password" checkbox, and enter (and confirm) a password. Take note of this password. For this example we will use "secret". Click Next.

   4. Select a location to create the PFX file, give it a name (for this example, "solr_ssl_cert.pfx") and click Next to finish the wizard.

8. Download Solr from the Apache Solr website. For Windows, download the ZIP file.

9. Unzip the Solr installation file (for this example, I unzipped it under C:\apache, so the final installation will be under C:\apache\solr-x.x.x being x.x.x the version)

10. In a text editor, open the C:\apache\solr-x.x.x\bin\solr.in.cmd file and uncomment the following section:

    solr.in.cmd Uncomment

    REM Uncomment to set SSL-related system properties
    REM Be sure to update the paths to the correct keystore for your environment
    set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks
    set SOLR_SSL_KEY_STORE_PASSWORD=secret
    set SOLR_SSL_KEY_STORE_TYPE=JKS
    set SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jks
    set SOLR_SSL_TRUST_STORE_PASSWORD=secret
    set SOLR_SSL_TRUST_STORE_TYPE=JKS
    set SOLR_SSL_NEED_CLIENT_AUTH=false
    set SOLR_SSL_WANT_CLIENT_AUTH=false
    

11. Change the following values (for this example, the PFX file is located at C:\apache\solr_ssl_cert.pfx, and the password is "secret" as set on step 6c):

    solr.in.cmd Edits

    set SOLR_SSL_KEY_STORE=C:/apache/solr_ssl_cert.pfx
    set SOLR_SSL_KEY_STORE_PASSWORD=secret
    set SOLR_SSL_KEY_STORE_TYPE=PKCS12
    set SOLR_SSL_TRUST_STORE=C:/apache/solr_ssl_cert.pfx
    set SOLR_SSL_TRUST_STORE_PASSWORD=secret
    set SOLR_SSL_TRUST_STORE_TYPE=PKCS12
    

12. Test the Solr installation by running the following command in the Command Prompt:

    C:\apache\solr-x.x.x\bin\solr.cmd start -f -p 8984

13. In a browser, navigate to https://localhost:8984 and, if you added the certificate to the Trusted Root, it shouldn't give you a security warning.

14. Stop Solr in the Command Prompt by pressing Ctrl-C.

15. Install Solr as a Windows Service. Use nssm, follow the instructions here but make sure to set the -p parameter to 8984.