I was able to resolve the issue. I was adding the certificate and then I had combined my certificate and private key. So when I added the certificate plus the certificate and private key it was breaking. I removed just the certificate and it resolved the issue. So I had my root certificates and the certificate plus private key and everything starting working correctly.
Thank you, Kent Younge Systems Engineer USPS MTSC IT Support 600 W. Rock Creek Rd, Norman, OK 73069-8357 O:405 573 2273 -----Original Message----- From: Shawn Heisey [mailto:apa...@elyograg.org] Sent: Friday, October 20, 2017 4:33 PM To: solr-user@lucene.apache.org Subject: Re: Certificate issue ERR_SSL_VERSION_OR_CIPHER_MISMATCH On 10/19/2017 6:30 AM, Younge, Kent A - Norman, OK - Contractor wrote: > Built a clean Solr server imported my certificates and when I go to the > SSL/HTTPS page it tells me that I have ERR_SSL_VERSION_OR_CIPHER_MISMATCH in > Chrome and in IE tells me that I need to TURN ON TLS 1.0, TLS 1.1, and TLS > 1.2. What java version? What Java vendor? What operating system? The OS won't have a lot of impact on HTTPS, I just ask in case other information is desired, so we can tailor the information requests. I see other messages where you mention Solr 6.6, which requires Java 8. As Hoss mentioned to you in another thread, *all* of the SSL capability is provided by Java. The Jetty that ships with Solr includes a config for HTTPS. The included Jetty config *excludes* a handful of low-quality ciphers that your browser probably already refuses to use, but that's the only cipher-specific configuration. If you haven't changed the Jetty config in the Solr download, then Jetty defaults and your local Java settings will control everything else. As far as I am aware, Solr doesn't influence the SSL config at all. <Set name="ExcludeCipherSuites"> <Array type="String"> <Item>SSL_RSA_WITH_DES_CBC_SHA</Item> <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item> <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item> <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item> <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item> <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item> <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item> </Array> </Set> It is extremely unlikely that Solr itself is causing these problems. It is more likely that there's something about your environment (java version, custom java config, custom Jetty config, browser customization, or maybe something else) that is resulting in a protocol and cipher list that your browser doesn't like. Thanks, Shawn
