To connect securely to the search engine over an SSL connection, prepare a certificate and import it and its key into the Java key store. Then configure the keystore name and the password in your search configuration.
About this task
To perform this task, use the keytool or Policy Tool, which ship with the Java Development Kit. The following Web resources explain how to use these tools:
Procedure
- Obtain a certificate that you can use as a server certificate for Apache Tomcat.
- Use the Java keytool or Policy Tool to generate a key for the certificate. For testing purposes, you can generate a test certificate and key with keytool as follows:
keytool.exe -genkey -alias kumquat -keyalg RSA -keystore tomcat.keystore
- Note down the password (the value of the
-alias switch, kumquat in our example).
- Place the resulting tomcat.keystore file in the Tomcat home directory.
- Navigate to the solr-tomcat\conf\ directory of
%TRIDION_HOME% (defaults to C:\Program Files (x86)\Tridion\).
- Open server.xml in an XML or plain-text editor and find the
Connector element.
- Add the following string of attributes and values to the existing ones:
SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="tomcat.keystore" keystorePass="<MYPASSWORD>"
where <MYPASSWORD> is the password you set when you generated the key.
- Save and close server.xml.
- Access your Windows Services. Find the Windows service called Tridion Content Manager Search Host and restart it.