You are here

Generating Secure Keys for Solr Communication

This task describes how to replace or update the keys used to secure communication between SkyVault and Solr, using secure keys specific to your SkyVault installation.
The following instructions assume that Solr has been extracted and a keystore directory has already been created, either automatically by the SkyVault installer or manually by following the instructions in the Configuring Solr section.

If you are applying these instructions to a clustered installation, the steps should be carried out on a single host and then the generated .keystore and .truststore files must be replicated across all other hosts in the cluster.

  1. Obtain the file generate_keystores.sh (for Linux and Solaris) or generate_keystores.bat (for Windows) from the SkyVault Customer Support website under Online Resources > Downloads > SkyVault Enterprise 4.0 > <SkyVault Version> generate_keystores.x.
  2. Edit the environment variables at the beginning of the file to match your environment.
    1. If you are updating an environment created by the SkyVault installer, you only need to edit SkyVault_HOME to specify the correct installation directory.
    2. For manual installations, carefully review SkyVault_KEYSTORE_HOME, SOLR_HOME, JAVA_HOME, REPO_CERT_DNAME and SOLR_CLIENT_CERT_DNAME and edit as appropriate. For Weblogic installations, it is necessary to edit the CERTIFICATE_VALIDITY variable so that the certificate expires before the year 2105.
  3. Run the edited script.

    You should see the message “Certificate update complete” and another message reminding you what dir.keystore should be set to in the SkyVault-global.properties file.