You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@lucene.apache.org by Taher Koitawala <ta...@gslab.com> on 2018/01/24 10:10:18 UTC

Solr SSL issues

Hi All,
         We are using Apache Solr version 6.6 on SSL. We use the following
command to generate a cert for Solr.

In IP:X.X.X.X we supply all the client ips that are required to talk to
solr. How do we generate a certificate which allows any clients which have
the right certs to talk to Sol on SSL.

keytool -genkeypair -alias solr-ssl -keyalg RSA -keysize 2048 -keypass
secret -storepass secret -validity 9999 -keystore
solr-ssl.keystore.jks -ext
SAN=DNS:localhost,IP:192.168.1.3,IP:127.0.0.1,IP:X.X.X.X -dname
"CN=localhost, OU=Organizational Unit, O=Organization, L=Location,
ST=State, C=Country"

Re: Solr SSL issues

Posted by Taher Koitawala <ta...@gslab.com>.

Thanks Steve issue is resolved

On Jan 24, 2018 4:55 PM, "Steve Rowe" <sa...@gmail.com> wrote:

Hi Taher,

When you build the keypair, you should include the IP addresses of all
*Solr nodes*, rather than the IP addresses of all *clients*.

--
Steve
www.lucidworks.com

> On Jan 24, 2018, at 5:10 AM, Taher Koitawala <ta...@gslab.com>
wrote:
>
> Hi All,
>          We are using Apache Solr version 6.6 on SSL. We use the
following command to generate a cert for Solr.
>
> In IP:X.X.X.X we supply all the client ips that are required to talk to
solr. How do we generate a certificate which allows any clients which have
the right certs to talk to Sol on SSL.
>
> keytool -genkeypair -alias solr-ssl -keyalg RSA -keysize 2048 -keypass
secret -storepass secret -validity 9999 -keystore solr-ssl.keystore.jks
-ext SAN=DNS:localhost,IP:192.168.1.3,IP:127.0.0.1,IP:X.X.X.X -dname
"CN=localhost, OU=Organizational Unit, O=Organization, L=Location,
ST=State, C=Country"
>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org

Re: Solr SSL issues

Posted by Steve Rowe <sa...@gmail.com>.

Hi Taher,

When you build the keypair, you should include the IP addresses of all *Solr nodes*, rather than the IP addresses of all *clients*.

--
Steve
www.lucidworks.com

> On Jan 24, 2018, at 5:10 AM, Taher Koitawala <ta...@gslab.com> wrote:
> 
> Hi All, 
>          We are using Apache Solr version 6.6 on SSL. We use the following command to generate a cert for Solr.
> 
> In IP:X.X.X.X we supply all the client ips that are required to talk to solr. How do we generate a certificate which allows any clients which have the right certs to talk to Sol on SSL. 
> 
> keytool -genkeypair -alias solr-ssl -keyalg RSA -keysize 2048 -keypass secret -storepass secret -validity 9999 -keystore solr-ssl.keystore.jks -ext SAN=DNS:localhost,IP:192.168.1.3,IP:127.0.0.1,IP:X.X.X.X -dname "CN=localhost, OU=Organizational Unit, O=Organization, L=Location, ST=State, C=Country"
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org