Thanks Steve issue is resolved On Jan 24, 2018 4:55 PM, "Steve Rowe" <[email protected]> wrote:
Hi Taher, When you build the keypair, you should include the IP addresses of all *Solr nodes*, rather than the IP addresses of all *clients*. -- Steve www.lucidworks.com > On Jan 24, 2018, at 5:10 AM, Taher Koitawala <[email protected]> wrote: > > Hi All, > We are using Apache Solr version 6.6 on SSL. We use the following command to generate a cert for Solr. > > In IP:X.X.X.X we supply all the client ips that are required to talk to solr. How do we generate a certificate which allows any clients which have the right certs to talk to Sol on SSL. > > keytool -genkeypair -alias solr-ssl -keyalg RSA -keysize 2048 -keypass secret -storepass secret -validity 9999 -keystore solr-ssl.keystore.jks -ext SAN=DNS:localhost,IP:192.168.1.3,IP:127.0.0.1,IP:X.X.X.X -dname "CN=localhost, OU=Organizational Unit, O=Organization, L=Location, ST=State, C=Country" > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
