Hi Chris,

Thanks for the assistance. It is from a real CA. I was sent the .p12 Wildcard 
certificate and I need to use that to HTTPS my Solr address.

Kelly 


-----Original Message-----
From: Christopher Schultz <ch...@christopherschultz.net> 
Sent: Monday, August 13, 2018 12:59 PM
To: solr-user@lucene.apache.org
Subject: Re: Add Wildcard Certificate to Java Keystore

Kelly,

On 8/13/18 12:37 PM, Kelly Rusk wrote:
> All I have is the .p12 and password so it has already gone through the 
> CSR process. How do I import this file into the keystore?
Java's keytool won't merge keystores. You'll have to export the certificates 
from the PKCS12 file you got from your CA and import each of them separately 
into your own keystore.

> On the Windows side, does it need to reside in the Personal Store or 
> Trusted Root Store?
Umm... is this for a server certificate? If so, you definitely don't want to 
import any of those certificates into any system-wide or user-wide certificate 
trust stores.

Is this certificate signed by a real CA, or are you building your own, 
internal, private CA who is signing these certificates?

-chris

> -----Original Message-----
> From: Christopher Schultz <ch...@christopherschultz.net>
> Sent: Monday, August 13, 2018 12:00 PM
> To: solr-user@lucene.apache.org
> Subject: Re: Add Wildcard Certificate to Java Keystore
> 
> Kelly,
> 
> On 8/13/18 11:55 AM, Kelly Rusk wrote:
>> I have imported a Wildcard Certificate to my Java Keystore and it 
>> displays, but when I pull up Internet Explorer and browse to my Solr 
>> site, it fails to load and presents TLS errors.
> 
> What do you mean "it displays"?
> 
> How did you import your signed certificate into your keystore? What 
> was in the keystore before you performed the import?
> 
>> Has anyone run into this, what commands do you run to import a Public 
>> CA into Solr?
> 
> Generally, you want to generate a key+cert/CSR and send the CSR to a 
> CA. The CA signs it and returns it, typically with one or more 
> intermediate certificates to build a chain of trust between the CA's 
> root cert (present in browser trust stores) and your server's 
> certificate (which was signed by a subordinate certificate, not 
> directly by the CA's root cert).
> 
> Import them into your keystore in this order:
> 
> 1. Highest (closest to the root) CA cert
> 2. [any other intermediate certs from the CA, in order]
> 3. Your server's cert
> 
> Most server software needs a bounce to reload the keystore.
> 
> -chris
> 
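
Added example (not part of the thread, and not Solr or keytool code): for the server to present the wildcard certificate, the keystore entry has to hold the private key together with the CA chain, so this Python check audits the text printed by `keytool -list -v` for both. The sample listing, its aliases and the `audit_listing` helper are constructed for illustration.

```python
import re

# Constructed sample of `keytool -list -v` output (not from the thread): one
# alias imported as a bare certificate, one holding the key and its CA chain.
SAMPLE_LISTING = """\
Keystore type: PKCS12

Alias name: wildcard-cert-only
Entry type: trustedCertEntry

Owner: CN=*.example.com
Issuer: CN=Example Intermediate CA

Alias name: wildcard
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=*.example.com
Issuer: CN=Example Intermediate CA
Certificate[2]:
Owner: CN=Example Intermediate CA
Issuer: CN=Example Root CA
Certificate[3]:
Owner: CN=Example Root CA
Issuer: CN=Example Root CA
"""

def audit_listing(text):
    """Map each alias in `keytool -list -v` output to a list of problems."""
    report = {}
    for block in re.split(r"(?m)^Alias name: ", text)[1:]:
        alias = block.splitlines()[0].strip()
        etype = re.search(r"(?m)^Entry type: (\S+)", block)
        owners = [o.strip() for o in re.findall(r"(?m)^Owner: (.*)$", block)]
        issuers = [i.strip() for i in re.findall(r"(?m)^Issuer: (.*)$", block)]
        problems = []
        if not etype or etype.group(1) != "PrivateKeyEntry":
            problems.append("no private key in this entry")
        elif len(owners) == 1 and owners != issuers:
            problems.append("chain length 1: no intermediate certificates")
        else:
            # Certificate[n] must be issued by Certificate[n+1].
            for n, (issuer, parent) in enumerate(zip(issuers, owners[1:]), 1):
                if issuer != parent:
                    problems.append(f"chain broken after certificate {n}")
        report[alias] = problems
    return report

if __name__ == "__main__":
    for alias, problems in audit_listing(SAMPLE_LISTING).items():
        print(alias, "->", problems or "OK")
```

To audit a real file, pass `audit_listing` the text printed by `keytool -list -v -keystore <file> -storetype PKCS12`, where `<file>` is a placeholder for the keystore path.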
