Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP. It means all communications between your browser and the website are encrypted.

Securing Solr is as important as securing any e-commerce or banking website, because user queries and requests must not be readable by an attacker if confidential information is to stay protected. In this article we will discuss how to enable SSL on a single-node server, using the example Jetty server and a self-signed certificate.

To enable SSL on your single-node Solr, follow the steps below.

Step 1: Generate a Self-Signed Certificate and a Key

To generate a self-signed certificate and a single key that will be used to authenticate both the server and the client, we’ll use the JDK keytool command and create a separate keystore. This keystore will also be used as a truststore below.

Here we have used the JDK keytool to generate the keys. Perform the steps below to generate and import them.

Step 1.1: Go to the Solr installation bin directory

Go to the solr-{VERSION}/bin directory.

Step 1.2: Generate key

Execute the following command to generate the key.

keytool -genkeypair -alias solr-ssl -keyalg RSA -keysize 2048 -keypass secret -storepass secret -validity 9999 -keystore solr-ssl.keystore.jks -ext SAN=DNS:localhost,IP:192.168.1.3,IP:127.0.0.1 -dname "CN=localhost, OU=Organizational Unit, O=Organization, L=Location, ST=State, C=Country"

The -genkeypair option generates the key pair. keytool has various options to specify the alias, algorithm name, key size, etc.

Here we have used the RSA algorithm. You need to specify a password for the key, its validity, and the keystore file name.

The -ext SAN=… keytool option allows you to specify all the DNS names and/or IP addresses that will be allowed during hostname verification.

Example:

keytool -genkeypair -alias solr-ssl -keyalg RSA -keysize 2048 -keypass secret -storepass secret -validity 9999 -keystore solr-ssl.keystore.jks -ext SAN=DNS:localhost,IP:127.0.0.1 -dname "CN=localhost, OU=Organizational Unit, O=JavaDeveloperZone, L=Location, ST=State, C=Country"

The above command will create a keystore file named solr-ssl.keystore.jks in the current directory.

Step 2: Convert the Certificate and Key to PEM Format

cURL cannot read a JKS-formatted keystore, so we need to convert it to PEM format. The keytool command below converts the JKS keystore to PKCS12 format, which tools such as openssl can then export to PEM.

keytool -importkeystore -srckeystore solr-ssl.keystore.jks -destkeystore solr-ssl.keystore.p12 -srcstoretype jks -deststoretype pkcs12

The above command will prompt you for the destination keystore password and the source keystore password. Use the password secret in our case. Refer to the image below.

[Image: Securing Solr, generate and import keystore]

Step 3: Set System Properties

Set the SSL-related properties as Java system properties in solr.in.cmd for Windows and solr.in.sh for Linux.

set SOLR_SSL_KEY_STORE=D:\\solr-6.4.2\\solr-6.4.2\\bin\\solr-ssl.keystore.jks
set SOLR_SSL_KEY_STORE_PASSWORD=secret
set SOLR_SSL_KEY_STORE_TYPE=JKS
set SOLR_SSL_TRUST_STORE=D:\\solr-6.4.2\\solr-6.4.2\\bin\\solr-ssl.keystore.jks
set SOLR_SSL_TRUST_STORE_PASSWORD=secret
set SOLR_SSL_TRUST_STORE_TYPE=JKS
set SOLR_SSL_NEED_CLIENT_AUTH=false
set SOLR_SSL_WANT_CLIENT_AUTH=false
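
As an added example (not from the original post or the Solr project), the Python script below reads the settings file from Step 3 and checks that each store file really is in the format its _TYPE setting declares. This matters here because Step 2 leaves both a .jks and a .p12 file in the same directory. The function names and the script name are assumptions made for this example.

```python
import re, struct, sys
from pathlib import Path

# Well-known leading bytes of the keystore formats keytool can write.
MAGIC = {0xFEEDFEED: "JKS", 0xCECECECE: "JCEKS"}
DER_SEQUENCE = 0x30  # a PKCS12 file is a DER-encoded ASN.1 SEQUENCE


def detect_store_type(path):
    """Return 'JKS', 'JCEKS', 'PKCS12' or 'UNKNOWN' from the file header."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    if len(head) == 4 and struct.unpack(">I", head)[0] in MAGIC:
        return MAGIC[struct.unpack(">I", head)[0]]
    if head[:1] == bytes([DER_SEQUENCE]):
        return "PKCS12"
    return "UNKNOWN"  # for example a PEM file, or a truncated store


def parse_settings(text):
    """Collect SOLR_SSL_* values from 'set K=V' (Windows) or 'K=V' (Linux) lines."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"\s*(?:set\s+)?(SOLR_SSL_\w+)=(.*)", line, re.I)
        if m:  # commented-out lines (REM ..., # ...) do not match
            settings[m.group(1).upper()] = m.group(2).strip().strip('"')
    return settings


def check_stores(settings):
    """Return mismatches between each declared store type and the file it points at."""
    problems = []
    for name in ("SOLR_SSL_KEY_STORE", "SOLR_SSL_TRUST_STORE"):
        path, declared = settings.get(name), settings.get(name + "_TYPE")
        if not path or not declared:
            problems.append(f"{name} or {name}_TYPE is not set")
        elif not Path(path).is_file():
            problems.append(f"{name}: {path} does not exist")
        elif detect_store_type(path) != declared.upper():
            problems.append(f"{name}: declared {declared}, file is {detect_store_type(path)}")
    return problems


if __name__ == "__main__":
    # Usage (hypothetical script name): python check_solr_ssl.py <settings file>
    if len(sys.argv) != 2:
        sys.exit("usage: check_solr_ssl.py <settings file>")
    found = check_stores(parse_settings(Path(sys.argv[1]).read_text()))
    print("\n".join(found) or "store types match the files")
    sys.exit(1 if found else 0)
```

Run it against the settings file before Step 4; an empty result means both stores match their declared types.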

Step 4: Start Solr

Execute the Solr start command below.

solr.cmd start -p 8983

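[Image: start secure solr]

Step 5: Verify SSL

That’s it. Once Solr has started, verify it in your browser. Because the certificate is self-signed, the browser will warn that it is not trusted.

[Image: Confirm solr start]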

Refer to the Solr Reference Guide for more details.

1 comment

Rishabh Kumar
June 23, 2018 9:23 am

Getting this error while starting the solr:
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.eclipse.jetty.start.Main.invokeMain(Main.java:214)
at org.eclipse.jetty.start.Main.start(Main.java:457)
at org.eclipse.jetty.start.Main.main(Main.java:75)
Caused by: java.io.IOException: Invalid keystore format
