Last active
June 14, 2021 18:17
-
-
Save bradchristie-velir/46335eda2cf1d30da3f145c968306ae1 to your computer and use it in GitHub Desktop.
Create a self-signed SOLR certificate
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[CmdletBinding()] | |
Param( | |
[Parameter()] | |
[switch]$JKS | |
) | |
$keytool = Get-Command "keytool" -ErrorAction "SilentlyContinue" | |
If ($null -eq $keytool) { | |
Write-Output "Doesn't look like you have access to keytool. Please download and install OpenJDK from https://adoptopenjdk.net/releases.html?variant=openjdk11&jvmVariant=hotspot (ensuring to add the JAVA_HOME feature) and try again." | |
Exit 1 | |
} | |
If (!($keypass = Read-Host "Enter secret (default: secret)")) { | |
$keypass = "secret" | |
} | |
If ($JKS) { | |
If (!($keystore = Read-Host "Enter filename (default: solr-ssl.keystore.jks)")) { | |
$keystore = ".\server\etc\solr-ssl.keystore.jks" | |
} | |
& keytool -genkeypair -alias solr-ssl -validity 9999 ` | |
-keyalg RSA -keysize 2048 -keypass $keypass -keystore $keystore ` | |
-storepass $keypass ` | |
-ext "SAN=DNS:localhost,IP:127.0.0.1" -dname "CN=localhost, OU=Organizational Unit, O=Organization, L=Location, ST=State, C=Country" | |
If ((Read-Host "Would you like to install the certificate to root? [y/N]") -eq "y") { | |
$file = "{0}.cer" -f ([IO.Path]::GetFileNameWithoutExtension($keystore)) | |
& keytool -exportcert -alias solr-ssl -keystore $keystore -storepass $keypass -file $file | |
Import-Certificate -FilePath $file -CertStoreLocation Cert:\LocalMachine\Root | |
} | |
} Else { | |
If (!($keystore = Read-Host "Enter filename (default: solr-ssl.keystore.pfx)")) { | |
$keystore = ".\server\etc\solr-ssl.keystore.pfx" | |
} | |
& keytool -genkeypair -alias solr-ssl -validity 9999 ` | |
-keyalg RSA -keysize 2048 -keypass $keypass -keystore $keystore ` | |
-storetype PKCS12 -storepass $keypass ` | |
-ext "SAN=DNS:localhost,IP:127.0.0.1" -dname "CN=localhost, OU=Organizational Unit, O=Organization, L=Location, ST=State, C=Country" | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment