Skip to main content

Sitecore Indexing Manager stops showing indexes due to expired SSL certificate in SOLR

The Problem

While working on Sitecore, it may happen that one of your SSL certificates may expire after some time. This can cause functionalities to break. 
For e.g., I encountered a problem where the SOLR search functionalities on my local Sitecore instance stopped working. You may be having similar problem if you face following issues - 
  • when you search a GUID in Content Editor to locate an item, it would not return any result and say that an exception has occurred. 
  • when you try to rebuild my SOLR indexes using Rebuild Search Indexes in Control Panel, the dialog did not list any of my SOLR indexes.



The Research

I looked into the logs to find the root cause to the problem and found following warnings - 
128216 15:40:08 WARN  IsOnline: Test connection has failed with an exception. Type: 'SolrConnectionException', Message: 'The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.'

I tried to load my local SOLR instance and it showed me errors related to SSL certificates. When I looked at the SSL certificate, I found it has expired. 


The Solution

I realized fixing the SSL certificate for SOLR should be the first step towards fixing these issue related to search. For this, I needed to know how to generate a new SSL certificate and make it work with SOLR. Since this is not something developers do on regular basis, I started researching about it. That's when I realized how many developers face the same issue. Hence, I decided to list these steps in a blog so that it would serve the community and the future me if I face this issue again. 

Here are the steps to add a new SSL certificated to SOLR ...

First, the expired SSL certificate needs to be removed from the system. We start with removing it form SOLR directories first.
  • Goto <your solr directory>/server/etc 
  • You should see your SSL certificate here with .pfx or .jks or .p12 extension based on your setup.
  • Rename it to .bak file.
Next, we remove the expired SSL certificate from the LocalMachine certificate manager. 
  • Go to your certificate manager and remove your expired certificate from there. 
  • If you dont see the delete option on certificate, you can use below script to remove the certificate - 
$existingCert = Get-ChildItem Cert:\LocalMachine\Root | where Subject -eq "CN=<your certificate name here>" 
$existingCert | Remove-Item

  • If you will refresh your Certificates folder, your certificate shall disappear from the list of installed certificates.

You may also want to remove expired SSL certificate from your browser as browser may keep using the expired certificate. If you are using Chrome, go to Settings> Privacy and Security>Security>Manage Device Certificates and remove your certificate from the list in the dialog that appears - 


Now, lets start generating a new SSL certificate. Below script shall help you with this - 
        $cert = New-SelfSignedCertificate -DnsName "your certificate name here" -CertStoreLocation cert:\LocalMachine\My        
        $store = New-Object System.Security.Cryptography.X509Certificates.X509Store "Root","LocalMachine"
        $store.Open("ReadWrite")
        $store.Add($cert)
        $store.Close() 
        # remove the untrusted copy of the cert
        $cert | Remove-Item

This script will generate the SSL certificate and add it to trusted root certification authority store.

Now, next step is add this SSL certificate to SOLR directories

        $cert = Get-ChildItem Cert:\LocalMachine\Root | where Subject -eq "CN=your certificate name here"
     
        $certStore = "<your solr server path here>\server\etc\solr-ssl.keystore.pfx" //make sure to put correct certificate name here that is used in your SOLR.in.cmd files
        $certPwd = ConvertTo-SecureString -String "secret" -Force -AsPlainText
        $cert | Export-PfxCertificate -FilePath $certStore -Password $certpwd | Out-Null

This shall export the SSL certificate from Root store into a pfx/jks/p12 file in <solr path>\server\etc folder.

Now, your newly generated SSL certificate is trusted on your machine and is located in SOLR directories so that it can be used by SOLR for a secured connection.

Now, go to Services.msc>locate your SOLR service and restart it.

Try loading the Solr url in browser. It shall not give the error anymore for SSL certificate. Your Sitecore instance shall also connect successfully to SOLR without any issue. 

There is also a readymade script available here to achieve the same result but I found via comments that lots of developers are not able to use the script as-is as the setup in different projects may be slightly different. In such case, these scripts need modifications to match the local needs and developers again end up scratching their heads to get it done. Hence, it is better to understand what is being done in the script and how we can do it manually as well.

Thanks for reading. Hope it helps!!

Labels:

Popular posts from this blog

Sitecore PowerShell Script to create all language versions for an item from en version

  We have lots of media items and our business wants to copy the data from en version of media item to all other language versions defined in System/Languages. This ensures that media is available in all the languages. So, we created the below powershell script to achieve the same -  #Get all language versions defined in System/Languages $languages = Get-ChildItem /sitecore/System/Languages -recurse | Select $_.name | Where-Object {$_.name -ne "en"} | Select Name #Ensuring correct items are updated by comparing the template ID  $items = Get-ChildItem -Path "/sitecore/media library/MyProjects" -Recurse | Where-Object {'<media item template id>' -contains $_.TemplateID} #Bulk update context to improve performance New-UsingBlock (New-Object Sitecore.Data.BulkUpdateContext) { foreach($item in $items){    foreach($language in $languages){ $languageVersion = Get-Item -Path $item.Paths.Path -Language $language.Name #Check if language versi
Read more

Export Sitecore media library files to zip using SPE

If you ever require to export Sitecore media files to zip (may be to optimize them), SPE (Sitecore Powershell Extension) has probably the easiest way to do this for you. It's as easy as the below 3 steps -  1. Right click on your folder (icons folder in snap)>Click on Scripts> Click on Download 2. SPE will start zipping all the media files placed within this folder. 3. Once zipping is done, you will see the Download option in the next screen. Click Download Zip containing the media files within is available on your local machine. You can play around with the images now. Hope this helps!! Like and Share ;)
Read more

Make Sitecore instance faster using Roslyn Compiler

When we install the Sitecore instance on local, the first load is slow. After each code deploy also, it takes a while for the Sitecore instance to load and experience editor to come up. For us, the load time for Sitecore instance on local machines was around 4 minutes. We started looking for ways to minimize it and found that if we update our Web.config to use Roslyn compiler and include the relevant Nugets into the project, our load times will improve. We followed the simple steps - Go to the Project you wish to add the NuGet package and right click the project and click 'Manage NuGet Packages'. Make sure your 'Package Source' is set to nuget.org and go to the 'Browse' Tab and search Microsoft.CodeDom.Providers.DotNetCompilerPlatform. Install whichever version you desire, make sure you note which version you installed. You can learn more about it  here . After installation, deploy your project, make sure the Microsoft.CodeDom.Providers.DotNetCompilerPlatform.d
Read more

Experience of a first time Sitecore MVP

The Journey I have been working in Sitecore for almost 10 years now. When I was a beginner in Sitecore, I was highly impressed by the incredible community support. In fact, my initial Sitecore learning path was entirely based on community written blogs on Sitecore. During a discussion with my then technology lead Neeraj Gulia , he proposed the idea that I should start giving back to developer community whenever I get chance. Just like I have been helped by many developers via online blogs, stackoverflow etc., I should also try to help others. Fast forward a few years and I met  Nehemiah Jeyakumar  (now an MVP). He had a big archive of his technical notes in the form Sitecore blogs. I realized my first blog dont have to be perfect and it can be as simple as notes to a specific problem for reference in future. That's when I probably created my first blog post on Sitecore. At that time, I didn't knew about the Sitecore MVP program. Over the years, I gained more confidence to write
Read more

Clean Coding Principles in CSharp

A code shall be easy to read and understand. In this post, I am outlining basic principles  about clean coding after researching through expert recommended books, trainings and based on my experience. A common example to start with is a variable declaration like - int i  The above statement did not clarify the purpose of variable i. However,  the same variable can be declared as -  int pageNumber The moment we declared the variable as int pageNumber, our brain realized that the variable is going to store the value for number of pages. We have set the context in our brain now and it is ready to understand what the code is going to do next with these page numbers. This is one of the basic advantages of clean coding. Reasons for clean coding -  • Reading clean code is easier - Every code is revisited after certain amount of time either by the same or different developer who created it. In both the cases, if the code is unclean, its difficult to understand and update it. • To avoid s
Read more