[
https://issues.apache.org/jira/browse/SOLR-14141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17004598#comment-17004598
]
Robert Muir commented on SOLR-14141:
------------------------------------
yeah, like i said the worst is, anyone who has ever used solr on java9+ has a
pkcs12 format keystore, but with a .jks file extension. they are currently
passing keystore type flags of JKS. it all still works fine only because of the
way java implemented the compat, but its really insane. so this patch is mostly
juat a docs fix to reflect reality...
> eliminate JKS keystore from solr SSL docs
> -----------------------------------------
>
> Key: SOLR-14141
> URL: https://issues.apache.org/jira/browse/SOLR-14141
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Robert Muir
> Priority: Major
> Attachments: SOLR-14141.patch, SOLR-14141.patch
>
>
> On the "Enabling SSL" page:
> https://lucene.apache.org/solr/guide/8_3/enabling-ssl.html#enabling-ssl
> The first step is currently to create a JKS keystore. The next step
> immediately converts the JKS keystore into PKCS12, so that openssl can then
> be used to extract key material in PEM format for use with curl.
> Now that PKCS12 is java's default keystore format, why not omit step 1
> entirely? What am I missing? PKCS12 is a more commonly
> understood/standardized format.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
