Hi,

Did someone manage to set up SSL in a CloudSolrClient used in a Tomcat application?

We have an application running on Tomcat, and in that application, we use CloudSolrClient to communicate with Solr. SSL is enabled in that application, according to Tomcat documentation. Also, to make sure that passwords are not shown anywhere, we have an implementation of org.apache.coyote.http11.Http11NioProtocol to provide decrypted password for Tomcat running with SSL. Anyways, that's for Tomcat.

I enabled SSL in Solr, following the documentation: https://solr.apache.org/guide/solr/9_5/deployment-guide/enabling-ssl.html
So now Solr Admin UI is available at https://<host>:8983/solr
As far as Solr is concerned, it's all OK.

To allow the Solr Client in the Tomcat app to communicate with Solr, at first, I set the system properties, as documented ("javax.net.ssl.keyStore", etc):
* If set on command-line when starting the Tomcat app, there seems to be a conflict with Tomcat's SSL settings, and nothing works. The Tomcat app refuses to start.
* If set in code (System.setProperty) just before creating the CloudSolrClient, at that point, of course Tomcat has already started. But there's still no communication with Solr.

So when that didn't work, I created an instance of org.apache.solr.client.solrj.embedded.SSLConfig, set it into org.apache.solr.client.solrj.impl.Http2SolrClient.Builder, then used that Http2SolrClient to build the CloudSolrClient.

----------
final CloudSolrClient.Builder couldSolrClientbuilder = new CloudSolrClient.Builder(zkEnsembleUrl, Optional.empty());
final SSLConfig sslConfig = new SSLConfig(true, false, path, pwsd, null, null);
final Http2SolrClient.Builder http2SolrClientBuilder = new Http2SolrClient.Builder();
final Http2SolrClient http2SolrClient = http2SolrClientBuilder.withSSLConfig(sslConfig).build(); // configure Http2SolrClient with SSL
couldSolrClientbuilder.withHttpClient(http2SolrClient);
final CloudSolrClient newSolrClient = couldSolrClientbuilder.withDefaultCollection(defaultCollection).build();
--------------------

Result:
org.apache.solr.client.solrj.SolrServerException: IOException occurred when talking to server at: https://10.5.106.231:8983/solr/admin/collections
... caused by javax.net.ssl.SSLHandshakeException: No subject alternative names present
... caused by java.security.cert.CertificateException: No subject alternative names present

Now, I found this ASF Jira issue: https://issues.apache.org/jira/browse/SOLR-16084
Looks like only Curl and/or CloseableHttpClient can communicate with Solr SSL?

Any information will be appreciated.

Isabelle Giguère
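
An added diagnostic example, not part of the original message and not SolrJ code: the JDK's hostname check raises "No subject alternative names present" when the URL host is an IP address and the server certificate has no subjectAltName extension at all, so this lists the SAN entries of each certificate in a keystore or truststore and reports whether they cover the host used in the Solr URL. The class name `SanCheck` and the `KEYSTORE_PASS` environment variable are assumptions of this example.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.List;

/** Added example: reports which keystore certificates carry a SAN entry for a given host. */
public class SanCheck {
    private static final int SAN_DNS = 2; // GeneralName type dNSName
    private static final int SAN_IP = 7;  // GeneralName type iPAddress

    /** True if the certificate has a SAN entry of the matching type equal to host (exact match only, no wildcards). */
    static boolean covers(X509Certificate cert, String host, boolean hostIsIp) throws Exception {
        Collection<List<?>> sans = cert.getSubjectAlternativeNames(); // null when the extension is absent
        if (sans == null) {
            return false;
        }
        int wanted = hostIsIp ? SAN_IP : SAN_DNS;
        for (List<?> san : sans) {
            if ((Integer) san.get(0) == wanted && host.equalsIgnoreCase(String.valueOf(san.get(1)))) {
                return true;
            }
        }
        return false;
    }

    // Usage: KEYSTORE_PASS=... java SanCheck.java <keystore-or-truststore> <host-or-ip-from-the-Solr-URL>
    public static void main(String[] args) throws Exception {
        String pass = System.getenv("KEYSTORE_PASS"); // hypothetical variable; keeps the password off the command line
        if (args.length != 2 || pass == null) {
            System.err.println("usage: KEYSTORE_PASS=... java SanCheck.java <keystore> <host>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance(new File(args[0]), pass.toCharArray()); // detects JKS or PKCS12
        String host = args[1];
        boolean hostIsIp = host.matches("[0-9.]+") || host.contains(":"); // rough IPv4/IPv6 literal test
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate) {
                X509Certificate cert = (X509Certificate) c;
                System.out.printf("%s: subject=%s SAN=%s covers %s: %b%n", alias,
                        cert.getSubjectX500Principal().getName(),
                        cert.getSubjectAlternativeNames(), host, covers(cert, host, hostIsIp));
            }
        }
    }
}
```

A `SAN=null` line means the certificate has no subjectAltName extension. The check passes only for a certificate issued with an entry for that host, for example through keytool's `-ext SAN=IP:...` option, or when the client connects by a DNS name the certificate does cover.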