I'm running solr on a windows server, and am trying to set up SSL on SOLR.

My network staff gave me a keystore with a certificate in PKCS12 format.

I have set the following options in solr.in:

set SOLR_SSL_KEY_STORE=E:\ApacheSolr8_11_1\server\etc\solr-ssl.keystore.p12
set SOLR_SSL_KEY_STORE_PASSWORD=zzzzzz
set SOLR_SSL_TRUST_STORE=E:\ApacheSolr8_11_1\server\etc\solr-ssl.keystore.p12
set SOLR_SSL_TRUST_STORE_PASSWORD=zzzzzz
REM Require clients to authenticate
set SOLR_SSL_NEED_CLIENT_AUTH=false
REM Enable clients to authenticate (but not require)
set SOLR_SSL_WANT_CLIENT_AUTH=false
REM Verify client hostname during SSL handshake
set SOLR_SSL_CLIENT_HOSTNAME_VERIFICATION=false
REM SSL Certificates contain host/ip "peer name" information that is validated 
by default. Setting
REM this to false can be useful to disable these checks when re-using a 
certificate on many hosts
set SOLR_SSL_CHECK_PEER_NAME=true
REM Override Key/Trust Store types if necessary
set SOLR_SSL_KEY_STORE_TYPE=PKCS12
set SOLR_SSL_TRUST_STORE_TYPE=PKCS12

When I start SOLR, I am receiving the following:

INFO  - 2024-08-12 14:09:44.942; 
org.apache.solr.util.configuration.SSLConfigurations; Setting 
javax.net.ssl.keyStorePassword
INFO  - 2024-08-12 14:09:44.942; 
org.apache.solr.util.configuration.SSLConfigurations; Setting 
javax.net.ssl.trustStorePassword
Waiting up to 30 to see Solr running on port 8983

ERROR: Certificate for <localhost> doesn't match any of the subject alternative 
names: [<machine name from cert>]

How can I go about fixing this?

Thanks,

RICK HODDER
Staff Software Engineer
Global Specialty
[The Hartford]<https://www.thehartford.com/>
The Hartford
83 Wooster Heights Rd. | 2nd floor
Danbury, CT, 06810
W: 475-329-6251
Email: richard.hod...@thehartford.com<mailto:richard.hod...@thehartford.com>
www.thehartford.com<https://www.thehartford.com/>
www.facebook.com/thehartford<https://www.facebook.com/thehartford>
twitter.com/thehartford<https://twitter.com/thehartford>



******************************************************************************************************
This communication, including attachments, is for the exclusive use of 
addressee and may contain proprietary, confidential and/or privileged 
information.  If you are not the intended recipient, any use, copying, 
disclosure, dissemination or distribution is strictly prohibited.  If you are 
not the intended recipient, please notify the sender immediately by return 
e-mail, delete this communication and destroy all copies.

******************************************************************************************************

Reply via email to