I'm running solr on a windows server, and am trying to set up SSL on SOLR. My network staff gave me a keystore with a certificate in PKCS12 format.
I have set the following options in solr.in: set SOLR_SSL_KEY_STORE=E:\ApacheSolr8_11_1\server\etc\solr-ssl.keystore.p12 set SOLR_SSL_KEY_STORE_PASSWORD=zzzzzz set SOLR_SSL_TRUST_STORE=E:\ApacheSolr8_11_1\server\etc\solr-ssl.keystore.p12 set SOLR_SSL_TRUST_STORE_PASSWORD=zzzzzz REM Require clients to authenticate set SOLR_SSL_NEED_CLIENT_AUTH=false REM Enable clients to authenticate (but not require) set SOLR_SSL_WANT_CLIENT_AUTH=false REM Verify client hostname during SSL handshake set SOLR_SSL_CLIENT_HOSTNAME_VERIFICATION=false REM SSL Certificates contain host/ip "peer name" information that is validated by default. Setting REM this to false can be useful to disable these checks when re-using a certificate on many hosts set SOLR_SSL_CHECK_PEER_NAME=true REM Override Key/Trust Store types if necessary set SOLR_SSL_KEY_STORE_TYPE=PKCS12 set SOLR_SSL_TRUST_STORE_TYPE=PKCS12 When I start SOLR, I am receiving the following: INFO - 2024-08-12 14:09:44.942; org.apache.solr.util.configuration.SSLConfigurations; Setting javax.net.ssl.keyStorePassword INFO - 2024-08-12 14:09:44.942; org.apache.solr.util.configuration.SSLConfigurations; Setting javax.net.ssl.trustStorePassword Waiting up to 30 to see Solr running on port 8983 ERROR: Certificate for <localhost> doesn't match any of the subject alternative names: [<machine name from cert>] How can I go about fixing this? Thanks, RICK HODDER Staff Software Engineer Global Specialty [The Hartford]<https://www.thehartford.com/> The Hartford 83 Wooster Heights Rd. | 2nd floor Danbury, CT, 06810 W: 475-329-6251 Email: richard.hod...@thehartford.com<mailto:richard.hod...@thehartford.com> www.thehartford.com<https://www.thehartford.com/> www.facebook.com/thehartford<https://www.facebook.com/thehartford> twitter.com/thehartford<https://twitter.com/thehartford> ****************************************************************************************************** This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential and/or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies. ******************************************************************************************************
