Install Solr SSL cert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .Example .\install-solrssl.ps1 -KeystoreFile C:\Solr\apache-solr\server\etc\solr-ssl.keystore.jks | |
| #> | |
| param( | |
| [string]$KeystoreFile = 'solr-ssl.keystore.jks', | |
| [string]$KeystorePassword = 'secret', | |
| [string]$SolrDomain = 'localhost', | |
| [string]$SolrIP = '127.0.0.1', | |
| [string]$SslAlias = 'solr-ssl', | |
| [switch]$Clobber | |
| ) | |
| $ErrorActionPreference = 'Stop' | |
| ### PARAM VALIDATION | |
| if($KeystorePassword -ne 'secret') { | |
| Write-Error 'The keystore password must be "secret", because Solr apparently ignores the parameter' | |
| } | |
| if((Test-Path $KeystoreFile)) { | |
| if($Clobber) { | |
| Write-Host "Removing $KeystoreFile..." | |
| Remove-Item $KeystoreFile | |
| } else { | |
| $KeystorePath = Resolve-Path $KeystoreFile | |
| Write-Warning "Keystore file $KeystorePath already existed. To regenerate it, pass -Clobber." | |
| } | |
| } | |
| $P12Path = [IO.Path]::ChangeExtension($KeystoreFile, 'p12') | |
| if((Test-Path $P12Path)) { | |
| if($Clobber) { | |
| Write-Host "Removing $P12Path..." | |
| Remove-Item $P12Path | |
| } else { | |
| $P12Path = Resolve-Path $P12Path | |
| Write-Error "Keystore file $P12Path already existed. To regenerate it, pass -Clobber." | |
| } | |
| } | |
| Write-Verbose "p12 path `'$P12Path`'" | |
| try { | |
| $keytool = (Get-Command 'keytool.exe').Source | |
| } catch { | |
| $keytool = Read-Host "keytool.exe not on path. Enter path to keytool (found in JRE bin folder)" | |
| if([string]::IsNullOrEmpty($keytool) -or -not (Test-Path $keytool)) { | |
| Write-Error "Keytool path was invalid." | |
| } | |
| } | |
| Write-Host '' | |
| Write-Host 'Generating .p12 to import to Windows...' | |
| & $keytool -importkeystore -srckeystore $KeystoreFile -destkeystore $P12Path -srcstoretype jks -deststoretype pkcs12 -srcstorepass $KeystorePassword -deststorepass $KeystorePassword | |
| Write-Host '' | |
| Write-Host 'Trusting SSL certificate...' | |
| $secureStringKeystorePassword = ConvertTo-SecureString -String $KeystorePassword -Force -AsPlainText | |
| $root = Import-PfxCertificate -FilePath $P12Path -Password $secureStringKeystorePassword -CertStoreLocation Cert:\LocalMachine\Root | |
| Write-Host 'SSL certificate is now locally trusted. (added as root CA)' | |
| if(-not $KeystoreFile.EndsWith('solr-ssl.keystore.jks')) { | |
| Write-Warning 'Your keystore file is not named "solr-ssl.keystore.jks"' | |
| Write-Warning 'Solr requires this exact name, so make sure to rename it before use.' | |
| } | |
| Write-Host '' | |
| Write-Host 'Done!' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment