Public/Add-SolrCertificate.ps1
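#Set-StrictMode -Version Latest
#####################################################
# Add-SolrCertificate
#####################################################
<#PSScriptInfo

.VERSION 0.0

.GUID 602bc07e-a621-4738-8c27-0edf4a4cea8e

.AUTHOR David Walker, Sitecore Dave, Radical Dave

.COMPANYNAME David Walker, Sitecore Dave, Radical Dave

.COPYRIGHT David Walker, Sitecore Dave, Radical Dave

.TAGS sitecore powershell local install iis solr

.LICENSEURI https://github.com/SitecoreDave/SharedSitecore.SitecoreLocal/blob/main/LICENSE

.PROJECTURI https://github.com/SitecoreDave/SharedSitecore.SitecoreLocal

.ICONURI

.EXTERNALMODULEDEPENDENCIES

.REQUIREDSCRIPTS

.EXTERNALSCRIPTDEPENDENCIES

.RELEASENOTES

#>

<#
.SYNOPSIS
Generates a self-signed SSL keystore for a local Solr instance and trusts it on this machine.

.DESCRIPTION
Uses the JDK/JRE keytool to create an RSA 2048 key pair in a JKS keystore, converts the
keystore to PKCS#12, and imports the PKCS#12 file into Cert:\LocalMachine\Root so the
certificate is trusted locally. Finally prints the solr.in.cmd settings to add.

Intended for local development machines only: the keystore password is the fixed value
'secret', the certificate is valid for 9999 days, and the .jks/.p12 files left on disk
contain the private key of a certificate this machine trusts as a root. Keep those files
out of source control and shared folders, and remove the certificate from the Root store
when the Solr instance is retired.

Writing to Cert:\LocalMachine\Root normally requires an elevated session.

.PARAMETER KeystoreFile
Path of the JKS keystore to create. The .p12 file is written next to it with the same base name.

.PARAMETER KeystorePassword
Password for the key and both keystores. Any value other than 'secret' is rejected.

.PARAMETER SolrDomain
Host name used for the certificate CN and DNS subject alternative name.

.PARAMETER Clobber
Delete an existing keystore / .p12 file instead of failing.

.EXAMPLE
PS> Add-SolrCertificate

.EXAMPLE
PS> Add-SolrCertificate -KeystoreFile 'solr-ssl.keystore.jks' -SolrDomain 'solr.local' -Clobber

.Link
https://github.com/SitecoreDave/SharedSitecore.SitecoreLocal

.OUTPUTS
None. Progress and next-step instructions are written to the host.
#>
Function Add-SolrCertificate {
    # NOTE(review): SupportsShouldProcess is declared, but nothing below calls
    # $PSCmdlet.ShouldProcess, so the keytool invocations are not gated by -WhatIf/-Confirm.
    [CmdletBinding(SupportsShouldProcess,PositionalBinding=$true)]
    param(
        [string]$KeystoreFile = 'solr-ssl.keystore.jks',
        [string]$KeystorePassword = 'secret',
        [string]$SolrDomain = 'localhost',
        [switch]$Clobber
    )
    # With 'Stop', every Write-Error below terminates the function.
    $ErrorActionPreference = 'Stop'
    $PSScriptName = $MyInvocation.MyCommand.Name.Replace(".ps1","")
    Write-Verbose (Get-Parameters $MyInvocation.MyCommand.Parameters $PSBoundParameters -Message "$($PSScriptName):start" -Show -Stamp).output

    ### PARAM VALIDATION

    if ($KeystorePassword -ne 'secret') {
        Write-Error 'The keystore password must be "secret", because Solr apparently ignores the parameter'
    }

    if ((Test-Path $KeystoreFile)) {
        if ($Clobber) {
            Write-Host "Removing $KeystoreFile..."
            Remove-Item $KeystoreFile
        } else {
            $KeystorePath = Resolve-Path $KeystoreFile
            Write-Error "Keystore file $KeystorePath already existed. To regenerate it, pass -Clobber."
        }
    }

    $P12Path = [IO.Path]::ChangeExtension($KeystoreFile, 'p12')
    if ((Test-Path $P12Path)) {
        if ($Clobber) {
            Write-Host "Removing $P12Path..."
            Remove-Item $P12Path
        } else {
            $P12Path = Resolve-Path $P12Path
            Write-Error "Keystore file $P12Path already existed. To regenerate it, pass -Clobber."
        }
    }

    # Locate keytool: PATH first, then %JAVA_HOME%\bin, then ask the user.
    # The original nested try/catch never reached the prompt when JAVA_HOME was unset or
    # did not contain keytool.exe (Test-Path returning $false does not throw), leaving
    # $keytool empty and failing later at the call operator.
    # Whatever binary is resolved here is executed in this (typically elevated) session,
    # so PATH and JAVA_HOME should point at a trusted JDK/JRE.
    $keytool = $null
    $onPath = Get-Command 'keytool.exe' -ErrorAction SilentlyContinue | Select-Object -First 1
    if ($onPath) {
        $keytool = $onPath.Source
    } elseif (-not [string]::IsNullOrEmpty($Env:JAVA_HOME)) {
        $candidate = Join-Path $Env:JAVA_HOME 'bin\keytool.exe'
        if (Test-Path $candidate) {
            $keytool = $candidate
        }
    }
    if ([string]::IsNullOrEmpty($keytool)) {
        $keytool = Read-Host "keytool.exe not on path. Enter path to keytool (found in JRE bin folder)"
        if ([string]::IsNullOrEmpty($keytool) -or -not (Test-Path $keytool)) {
            Write-Error "Keytool path was invalid."
        }
    }

    ### DOING STUFF

    Write-Host ''
    Write-Host 'Generating JKS keystore...'
    # The password travels on keytool's command line, where other local processes can read
    # it; tolerable only because it is the fixed, publicly known value enforced above.
    # The SAN value is passed as one quoted string so the comma cannot be parsed by
    # PowerShell as an array separator.
    $genArgs = @(
        '-genkeypair',
        '-alias', 'solr-ssl',
        '-keyalg', 'RSA',
        '-keysize', '2048',
        '-keypass', $KeystorePassword,
        '-storepass', $KeystorePassword,
        '-validity', '9999',
        '-keystore', $KeystoreFile,
        '-ext', "SAN=DNS:$SolrDomain,IP:127.0.0.1",
        '-dname', "CN=$SolrDomain, OU=Organizational Unit, O=Organization, L=Location, ST=State, C=Country"
    )
    & $keytool @genArgs
    # A failing native command does not raise a PowerShell error by itself; stop here
    # rather than importing a missing or stale keystore further down.
    if ($LASTEXITCODE -ne 0) {
        Write-Error "keytool -genkeypair failed with exit code $LASTEXITCODE."
    }

    Write-Host ''
    Write-Host 'Generating .p12 to import to Windows...'
    $convertArgs = @(
        '-importkeystore',
        '-srckeystore', $KeystoreFile,
        '-destkeystore', $P12Path,
        '-srcstoretype', 'jks',
        '-deststoretype', 'pkcs12',
        '-srcstorepass', $KeystorePassword,
        '-deststorepass', $KeystorePassword
    )
    & $keytool @convertArgs
    if ($LASTEXITCODE -ne 0) {
        Write-Error "keytool -importkeystore failed with exit code $LASTEXITCODE."
    }

    Write-Host ''
    Write-Host 'Trusting generated SSL certificate...'
    $secureStringKeystorePassword = ConvertTo-SecureString -String $KeystorePassword -Force -AsPlainText
    # NOTE(review): importing the PKCS#12 file places the private key in the machine store
    # together with the certificate. Trust only needs the public certificate; exporting it
    # (keytool -exportcert) and importing that with Import-Certificate would keep the key
    # out of LocalMachine\Root. Behavior left unchanged here - confirm before switching.
    $null = Import-PfxCertificate -FilePath $P12Path -Password $secureStringKeystorePassword -CertStoreLocation Cert:\LocalMachine\Root
    Write-Host 'SSL certificate is now locally trusted. (added as root CA)'

    Write-Host ''
    Write-Host '########## NEXT STEPS ##########' -ForegroundColor Green
    Write-Host ''
    Write-Host '1. Copy your keystore to $SOLR_HOME\server\etc (MUST be here)' -ForegroundColor Green

    if (-not $KeystoreFile.EndsWith('solr-ssl.keystore.jks')) {
        Write-Warning 'Your keystore file is not named "solr-ssl.keystore.jks"'
        Write-Warning 'Solr requires this exact name, so make sure to rename it before use.'
    }

    Write-Host ''
    Write-Host '2. Add the following lines to your solr.in.cmd:' -ForegroundColor Green
    Write-Host ''
    Write-Host "set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks" -ForegroundColor Yellow
    Write-Host "set SOLR_SSL_KEY_STORE_PASSWORD=$KeystorePassword" -ForegroundColor Yellow
    Write-Host "set SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jks" -ForegroundColor Yellow
    Write-Host "set SOLR_SSL_TRUST_STORE_PASSWORD=$KeystorePassword" -ForegroundColor Yellow
    Write-Host ''
    Write-Host 'Done!'
}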