On 3/14/2023 10:12 AM, HariBabu kuruva wrote:
The certificate is valid one.
Please find the detailed exception below.
By "valid" do you mean issued by a public CA? If you do, now we are
getting into general TLS requirements, nothing Solr specific, and the
notes below will apply:
The proper way to configure a server for TLS is to include the server
cert and all intermediate certs in what the server sends ... but NOT the
root certificate.
Most public CAs do not issue certificates signed directly by the root.
They use one intermediate certificate as the issuer. In some cases
there may be more than one intermediate, but this is not common.
So in most cases when using a cert from a public CA, the keystore that
Solr is given should contain the server cert, its matching private key,
and the issuing cert. It should NOT contain the root certificate.
When you added the certificate to the keystore for Solr, did you import
just the server cert and key, or did you also import the issuer
(intermediate) cert?
Thanks,
Shawn
