Hi Taher, When you build the keypair, you should include the IP addresses of all *Solr nodes*, rather than the IP addresses of all *clients*.
-- Steve www.lucidworks.com > On Jan 24, 2018, at 5:10 AM, Taher Koitawala <[email protected]> > wrote: > > Hi All, > We are using Apache Solr version 6.6 on SSL. We use the following > command to generate a cert for Solr. > > In IP:X.X.X.X we supply all the client ips that are required to talk to solr. > How do we generate a certificate which allows any clients which have the > right certs to talk to Sol on SSL. > > keytool -genkeypair -alias solr-ssl -keyalg RSA -keysize 2048 -keypass secret > -storepass secret -validity 9999 -keystore solr-ssl.keystore.jks -ext > SAN=DNS:localhost,IP:192.168.1.3,IP:127.0.0.1,IP:X.X.X.X -dname > "CN=localhost, OU=Organizational Unit, O=Organization, L=Location, ST=State, > C=Country" > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
