Yh you're right, I did some more reading last night.
I tried a few different domains last night and even disabled the SNI
Check but no luck.
I believe the issue is the 2 step process they have in the documentation
for generating a self-signed certificate.
There is more to the process and they may have assumed we should know
but I don't.
Thanks.
Lee
On 2024-05-28 20:56, Dmitri Maziuk wrote:
On 5/28/24 19:35, Lee Daniel wrote:
Interesting.
Based on my lack of understanding, using z.com could mean two things:
1. Would I have to edit the certificate for each extra site/node we add?
2. Or have another instance of Solr for each site?
So this is a whole different rant, but the practical result of the
"secure by default" idiocy is that everyone gets a cert with
CN=foo.bar and SAN=*.foo.bar and then uses it on every host they have.
(And SANs can be in different domain too.)
Assuming you're not actually in a TLD and have a dot in your "foo.bar"
(for SNI), you could try that. But like I said, I don't know what
tentacles may lurk in the Java implementation. Jetty may or may not
like it.
Dima
