All Posts

Lucidworks Fusion

Enabling SSL on Fusion Admin UI

by Lucidworks
February 6, 2015

There is an updated version of this tutorial available in the Fusion documentation.

Lucidworks Fusion can encrypt communications to and from clients with SSL. This section describes enabling SSL on Fusion Admin UI with the Jetty server using a self-signed certificate.

Basic SSL Setup

Generate a self-signed certificate and a key

To generate a self-signed certificate and a single key that will be used to authenticate both the server and the client, we’ll use the JDK keytool command and create a separate keystore.  This keystore will also be used as a truststore below.  It’s possible to use the keystore that comes with the JDK for these purposes, and to use a separate truststore, but those options aren’t covered here.
Run the commands below in the $FUSION_HOME/jetty/ui/etc directory in the binary Fusion distribution.
The “-ext SAN=…” keytool option allows you to specify all the DNS names and/or IP addresses that will be allowed during hostname verification.

keytool -genkeypair -alias fusion -keyalg RSA -keysize 2048 -keypass secret -storepass secret -validity 9999 -keystore fusion.keystore.jks -ext SAN=DNS:localhost,IP:127.0.0.1 -dname “CN=localhost, OU=Organizational Unit, O=Organization, L=Location, ST=State, C=Country”

The above command will create a keystore file named fusion.keystore.jks in the current directory.

Convert the certificate and key to PEM format for use with cURL

cURL isn’t capable of using JKS formatted keystores, so the JKS keystore needs to be converted to PEM format, which cURL understands.
First convert the JKS keystore into PKCS12 format using keytool:

keytool -importkeystore -srckeystore fusion.keystore.jks -destkeystore fusion.keystore.p12 -srcstoretype jks -deststoretype pkcs12

The keytool application will prompt you to create a destination keystore password and for the source keystore password, which was set when creating the keystore (“secret” in the example shown above).
Next convert the PKCS12 format keystore, including both the certificate and the key, into PEM format using the openssl command:

openssl pkcs12 -in fusion.keystore.p12 -out fusion.pem

Configure Fusion

First, copy jetty-https.xml and jetty-ssl.xml from $FUSION_HOME//jetty/home/etc to $FUSION_HOME/jetty/ui/etc
Next, edit jetty-ssl.xml and change the keyStore values to point to the JKS keystore created above – the result should look like this:





Edit ui file (not ui.sh) under $FUSION_HOME/bin and add the following 3 lines
  1. “https.port=$HTTP_PORT”
  2. “$JETTY_BASE/etc/jetty-ssl.xml”
  3. “$JETTY_BASE/etc/jetty-https.xml”



 

Run Fusion using SSL

To start all services, run $FUSION_HOME/bin/fusion start. This will start Solr, the Fusion API, the Admin UI, and Connectors, which each run in their own Jetty instances and on their own ports

bin/fusion start

After that, trust Fusion website (This is because we are in local machine).

 


Finally, Fusion Admin UI with SSL

 

 

About Lucidworks

Read more from this author

Related Articles

New Lucidworks Fusion Connectors Page Streamlines Data Integration

Paolo Padua

The ABCs of Learning to Rank

Brian Land

Best of the Month. Straight to Your Inbox!
Dive into the best content with our monthly Roundup Newsletter! Each month, we handpick the top stories, insights, and updates to keep you in the know.