On 5/28/24 19:35, Lee Daniel wrote:
Interesting.
Based on my lack of understanding, using z.com could mean two things:
1. Would I have to edit the certificate for each extra site/node we add?
2. Or have another instance of Solr for each site?
So this is a whole different rant, but the practical result of the
"secure by default" idiocy is that everyone gets a cert with CN=foo.bar
and SAN=*.foo.bar and then uses it on every host they have. (And SANs
can be in different domain too.)
Assuming you're not actually in a TLD and have a dot in your "foo.bar"
(for SNI), you could try that. But like I said, I don't know what
tentacles may lurk in the Java implementation. Jetty may or may not like it.
Dima
