Edwin, On 6/8/18 12:02 PM, Zheng Lin Edwin Yeo wrote: > I followed the steps from > https://lucene.apache.org/solr/guide/7_3/enabling-ssl.html. > > 1) > > keytool -genkeypair -alias solr-ssl -keyalg RSA -keysize 2048 -keypass > secret -storepass secret -validity 9999 -keystore > solr-ssl.keystore.jks -ext > SAN=DNS:localhost,IP:192.168.1.3,IP:127.0.0.1 -dname "CN=localhost, > OU=Organizational Unit, O=Organization, L=Location, ST=State, > C=Country" > > > 2) > > keytool -importkeystore -srckeystore solr-ssl.keystore.jks > -destkeystore solr-ssl.keystore.p12 -srcstoretype jks -deststoretype > pkcs12 > > > 3) > > openssl pkcs12 -in solr-ssl.keystore.p12 -out solr-ssl.pem > > > > I have also set these in solr.in.cmd: > > SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jksSOLR_SSL_KEY_STORE_PASSWORD=secretSOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jksSOLR_SSL_TRUST_STORE_PASSWORD=secret# > Require clients to authenticateSOLR_SSL_NEED_CLIENT_AUTH=false# Enable > clients to authenticate (but not > require)SOLR_SSL_WANT_CLIENT_AUTH=false# Define Key Store type if > necessarySOLR_SSL_KEY_STORE_TYPE=JKSSOLR_SSL_TRUST_STORE_TYPE=JKS
You didn't describe how you have deployed each of these files on each of your servers. You might want to make sure that all your (attempted) absolute paths actually start with a slash, though. -chris
signature.asc
Description: OpenPGP digital signature