AnsweredAssumed Answered

Solr - generating your own ssl keys

Question asked by loftux Moderator on Nov 14, 2011
I'm trying to sort out how to generate you own keys for Alfresco Solr, and this is confusing to say the least.
Filed a documentation bug https://issues.alfresco.com/jira/browse/ALF-11469, there are some actual errors, but also questions that be better asked in the forum.

Why would you want to create you own solr keys? (I'm trying because it looked like a smart thing to do, but should I continue my efforts)
I guess my question more is what are the security implications of using the default keys? I guess if you leave port 8443 open, anyone that has imported the default alfresco solr admin certificate can access the solr index admin page. Anything else?

Now there are two Repository CreateSSLKeystores.txt and Solr CreateSSLKeystores.txt. My understanding is that you need to follow both to have a full set of new keys for Solr. That they have the same name is confusing (put that in my bug report), so initially I missed that they are different. First I just read the one that was in the solr bundle, that you need both is only first evident from the wiki page.

In the repository CreateSSLKeystores.txt step (iv) there is an export for pkcs12 for use with browsers. Shouldn't that be in the solr one, it is the solr admin page you would want to access with that certificate?

All certificates generated as per the docs are valid for a year. What happens after a year? Can the Solr index still be accessed or will you just get warnings that they have expired?

Outcomes