Posted to dev@lucene.apache.org by Taher Koitawala <ta...@gslab.com> on 2018/01/24 10:10:18 UTC
Solr SSL issues
Hi All,
We are using Apache Solr version 6.6 on SSL. We use the following
command to generate a cert for Solr.
In IP:X.X.X.X we supply all the client IPs that are required to talk to
Solr. How do we generate a certificate which allows any clients which have
the right certs to talk to Solr on SSL?
keytool -genkeypair -alias solr-ssl -keyalg RSA -keysize 2048 \
  -keypass secret -storepass secret -validity 9999 \
  -keystore solr-ssl.keystore.jks \
  -ext SAN=DNS:localhost,IP:192.168.1.3,IP:127.0.0.1,IP:X.X.X.X \
  -dname "CN=localhost, OU=Organizational Unit, O=Organization, L=Location, ST=State, C=Country"
Re: Solr SSL issues
Posted by Taher Koitawala <ta...@gslab.com>.
Thanks Steve, issue is resolved.
On Jan 24, 2018 4:55 PM, "Steve Rowe" <sa...@gmail.com> wrote:
Hi Taher,
When you build the keypair, you should include the IP addresses of all
*Solr nodes*, rather than the IP addresses of all *clients*.
--
Steve
www.lucidworks.com
> On Jan 24, 2018, at 5:10 AM, Taher Koitawala <ta...@gslab.com> wrote:
>
> Hi All,
> We are using Apache Solr version 6.6 on SSL. We use the following command to generate a cert for Solr.
>
> In IP:X.X.X.X we supply all the client IPs that are required to talk to Solr. How do we generate a certificate which allows any clients which have the right certs to talk to Solr on SSL?
>
> keytool -genkeypair -alias solr-ssl -keyalg RSA -keysize 2048 -keypass secret -storepass secret -validity 9999 -keystore solr-ssl.keystore.jks -ext SAN=DNS:localhost,IP:192.168.1.3,IP:127.0.0.1,IP:X.X.X.X -dname "CN=localhost, OU=Organizational Unit, O=Organization, L=Location, ST=State, C=Country"
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org
Re: Solr SSL issues
Posted by Steve Rowe <sa...@gmail.com>.
Hi Taher,
When you build the keypair, you should include the IP addresses of all *Solr nodes*, rather than the IP addresses of all *clients*.
--
Steve
www.lucidworks.com
> On Jan 24, 2018, at 5:10 AM, Taher Koitawala <ta...@gslab.com> wrote:
>
> Hi All,
> We are using Apache Solr version 6.6 on SSL. We use the following command to generate a cert for Solr.
>
> In IP:X.X.X.X we supply all the client IPs that are required to talk to Solr. How do we generate a certificate which allows any clients which have the right certs to talk to Solr on SSL?
>
> keytool -genkeypair -alias solr-ssl -keyalg RSA -keysize 2048 -keypass secret -storepass secret -validity 9999 -keystore solr-ssl.keystore.jks -ext SAN=DNS:localhost,IP:192.168.1.3,IP:127.0.0.1,IP:X.X.X.X -dname "CN=localhost, OU=Organizational Unit, O=Organization, L=Location, ST=State, C=Country"
>
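Added example (not part of the thread, and not Solr's or the JDK's code): a simplified model of HTTPS hostname verification showing why the SAN list must name the Solr nodes. The client compares the address it dialed against the server certificate's SAN entries; its own IP is never consulted. The addresses 192.168.1.4 (a second Solr node) and 10.0.0.50 (a client) are constructed assumptions.

```python
import ipaddress

def parse_san(ext):
    """Parse a keytool -ext value such as 'SAN=DNS:a,IP:1.2.3.4'."""
    _, _, body = ext.partition("=")
    dns, ips = [], []
    for entry in body.split(","):
        kind, _, value = entry.strip().partition(":")
        if kind.upper() == "DNS":
            dns.append(value.lower())
        elif kind.upper() == "IP":
            ips.append(ipaddress.ip_address(value))
    return dns, ips

def dns_matches(pattern, host):
    """Exact match, or a wildcard covering exactly the leftmost label."""
    if pattern.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == host

def server_identity_ok(ext, target):
    """True if a client connecting to `target` would accept this SAN list."""
    dns, ips = parse_san(ext)
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        # Target is a hostname: compare against dNSName entries only.
        return any(dns_matches(p, target.lower()) for p in dns)
    # Target is an IP literal: only iPAddress entries can match.
    return addr in ips

def uncovered_nodes(ext, nodes):
    """Solr node addresses that clients could not verify with this SAN."""
    return [n for n in nodes if not server_identity_ok(ext, n)]

# Constructed sample data. 192.168.1.3 appears in the thread; the rest is assumed.
SOLR_NODES = ["192.168.1.3", "192.168.1.4"]
CLIENT_SAN = "SAN=DNS:localhost,IP:192.168.1.3,IP:127.0.0.1,IP:10.0.0.50"  # lists a client IP
NODE_SAN = "SAN=DNS:localhost,IP:127.0.0.1,IP:192.168.1.3,IP:192.168.1.4"  # lists the nodes

if __name__ == "__main__":
    print("client-IP SAN leaves uncovered:", uncovered_nodes(CLIENT_SAN, SOLR_NODES))
    print("node-IP SAN leaves uncovered:  ", uncovered_nodes(NODE_SAN, SOLR_NODES))
```

Which clients are allowed to connect is decided separately, by the client certificates the server trusts, not by the server certificate's SAN list.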