I am currently working on setting up a new Solr 9 (9.2 to be exact) cluster. As of now I have 2 Solr nodes, one external ZooKeeper and I have documents in my index.
Once I have had that working, I moved to enabling HTTPS (with a self signed certificate), which has also worked just fine.
The last step was to secure Solr access by using the (new) Certificate Authentication Plugin
I have edited my security.json with the example from that page, namely:
"authentication": {
"class": "org.apache.solr.security.CertAuthPlugin"
},
"authorization": {
"class": "solr.RuleBasedAuthorizationPlugin",
"permissions": [
{
"name": "all",
"role": [
"admin-role"
]
}
],
"user-role": {
"CN=B---1,O=---CA,S=NY,C=US": [
"admin-role"
]
}
}
(some fields above have been redacted for privacy)
Uploaded it to ZooKeeper and restarted my Solr nodes.
Only to be granted with the next error in the Solr Admin UI:
After playing around a bit with the browser I also got this error, which didn't get my anywhere
Trying the perform a SELECT through Postman, unfortunately also returns the error:
Error 401 require certificateHTTP ERROR 401 require certificate
URI: /solr/documents/select STATUS: 401 MESSAGE: require certificate SERVLET: default
Despite the fact that I do see the certificate indeed being attached to the request.
Does anyone have any experience with this? Any insights on what I might be doing wrong? The documentation, unfortunately, doesn't shed much light on this topic, let alone, troubleshooting.
Thanks!
Turned out I had to set the next variable in solr.in.cmd:
set SOLR_SSL_WANT_CLIENT_AUTH=true
Once I did that it started to respond properly in Postman (not in the browser though when trying to access the Solr Admin UI)
It seem that it's required in order for it to "listen" or rather, accept the certificate.
As mentioned at: https://solr.apache.org/guide/solr/latest/deployment-guide/enabling-ssl.html#set-common-ssl-related-system-properties (in the Client Authentication Settings warning)