We’re working on standing up a new Solr 9.4.0 cluster with ZooKeeper 3.8.3 ensemble. We’ve configured mTLS for authentication, authorization, and comms for client <-> solr; TLS for solr <-> solr intra-cluster comms, and TLS for zk <-> zk intra-ensemble comms.
Where we are stuck is at the TLS configuration for solr<->zk comms. At least some parts are working since we can configure the url scheme and the security.json file, but when we try to browse the Solr UI to get ZK Status it doesn’t populate with any data. On the ZooKeeper side, we see these errors: 2023-10-19 16:08:06,403 [myid:] - ERROR [nioEventLoopGroup-7-1:o.a.z.s.NettyServerCnxnFactory$CertificateVerifier@468] - Unsuccessful handshake with session 0x0 From our testing with running `solr zk cp` command (used to upload the security.json file), we’re pretty sure that the problem is that solr isn’t trying to establish a TLS connection to satisfy the ZK Status request. This ticket states that the TLS configuration works for at least one person, https://issues.apache.org/jira/browse/SOLR-16115, but I can’t find any more documentation about configuring this. Any hints? Anyone get this working? Thanks, --Jamie
