Thanks Shawn, this helps. Now getting the below exception, is there any way to avoid verifying this?
2017-12-13 17:00:39.239 DEBUG (httpShardExecutor-4-thread-1-processing-n:xx.xx.xx.xx:8983_solr [https:////xx.xx.xx.xx:8983//solr] https:////xx.xx.xx.xx:8983//solr) [ ] o.a.h.c.s.DefaultHostnameVerifier Certificate for <xx.xx.xx.xx> doesn't match common name of the certificate subject: xx.xx.xx.xx.com javax.net.ssl.SSLPeerUnverifiedException: Certificate for <xx.xx.xx.xx> doesn't match common name of the certificate subject: xx.xx.xx.xx.com 2017-12-13 17:00:39.242 ERROR (OverseerThreadFactory-8-thread-1-processing-n:xx.xx.xx.xx:8983_solr) [ ] o.a.s.c.OverseerCollectionMessageHandler Error from shard: https://xx.xx.xx.xx:8983/solr org.apache.solr.client.solrj.SolrServerException: IOException occured when talking to server at: https://xx.xx.xx.xx:8983/solr at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:640) at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:253) at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:242) at org.apache.solr.client.solrj.SolrClient.request(SolrClient.java:1219) at org.apache.solr.handler.component.HttpShardHandler.lambda$submit$0(HttpShardHandler.java:172) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:176) at org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.lambda$execute$0(ExecutorUtil.java:188) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) Caused by: javax.net.ssl.SSLPeerUnverifiedException: Certificate for <xx.xx.xx.xx> doesn't match any of the subject alternative names: [] Dinesh Sundaram MBS Platform Engineering Mastercard -----Original Message----- From: Shawn Heisey [mailto:apa...@elyograg.org] Sent: Monday, December 11, 2017 2:26 PM To: solr-user@lucene.apache.org Subject: Re: Solr ssl issue while creating collection On 12/11/2017 12:24 PM, Sundaram, Dinesh wrote: > 1. Configure SSL > using > https://urldefense.proofpoint.com/v2/url?u=https-3A__lucene.apache.org > _solr_guide_7-5F1_enabling-2Dssl.html&d=DwIDaQ&c=uc5ZRXl8dGLM1RMQwf7xT > CjRqXF0jmCF6SP0bDlmMmY&r=gCFZFMR7y0gzhIBFz1lKTqHFMl-3R6gq7ojE0Eam2Eg&m > =kX8SMKw_W4qlgQyvl3p8pLrhYorEW4_wklVchKw6jAA&s=Gz_ER-vMMwpE5j1YpqIrjnf > _P3SM7uPI-kpjGdeATR8&e= > > 2. Restart solr > 3. Validate solr with https url > https://urldefense.proofpoint.com/v2/url?u=https-3A__localhost-3A8983_ > solr&d=DwIDaQ&c=uc5ZRXl8dGLM1RMQwf7xTCjRqXF0jmCF6SP0bDlmMmY&r=gCFZFMR7 > y0gzhIBFz1lKTqHFMl-3R6gq7ojE0Eam2Eg&m=kX8SMKw_W4qlgQyvl3p8pLrhYorEW4_w > klVchKw6jAA&s=EJ68RQ28Gn6vNdedX5n0hue_hgqlEWR9jFWoEbkt7J4&e= - works > fine 4. Create a collection > https://urldefense.proofpoint.com/v2/url?u=https-3A__localhost-3A8983_ > solr_-23_-7Ecollections&d=DwIDaQ&c=uc5ZRXl8dGLM1RMQwf7xTCjRqXF0jmCF6SP > 0bDlmMmY&r=gCFZFMR7y0gzhIBFz1lKTqHFMl-3R6gq7ojE0Eam2Eg&m=kX8SMKw_W4qlg > Qyvl3p8pLrhYorEW4_wklVchKw6jAA&s=weJY5eOZccSQqlLFr5CAH7PEyWPL1fb5VaWKG > AjYAJs&e= > <https://urldefense.proofpoint.com/v2/url?u=https-3A__localhost-3A8983 > _solr_-23_-257Ecollections&d=DwIDaQ&c=uc5ZRXl8dGLM1RMQwf7xTCjRqXF0jmCF > 6SP0bDlmMmY&r=gCFZFMR7y0gzhIBFz1lKTqHFMl-3R6gq7ojE0Eam2Eg&m=kX8SMKw_W4 > qlgQyvl3p8pLrhYorEW4_wklVchKw6jAA&s=CdjOnW9WrZwGNv5Rr3kEke61pipUE8kMVA > 9DzaYluRU&e=> > 5. here is the response : > Connection to Solr lost > Please check the Solr instance. > 6.Server solr.log: here notice the replica call goes to http port > instead of https > > 2017-12-11 11:52:27.929 ERROR > (OverseerThreadFactory-8-thread-1-processing-n:localhost:8983_solr) [ > ] o.a.s.c.OverseerCollectionMessageHandler Error from > shard: > https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8983_s > olr&d=DwIDaQ&c=uc5ZRXl8dGLM1RMQwf7xTCjRqXF0jmCF6SP0bDlmMmY&r=gCFZFMR7y > 0gzhIBFz1lKTqHFMl-3R6gq7ojE0Eam2Eg&m=kX8SMKw_W4qlgQyvl3p8pLrhYorEW4_wk > lVchKw6jAA&s=MjaZgIhWcEaKn00NFazu0zGn3HFKeSuYOlhyKe9RJMs&e= > This acts like either you did not set the urlScheme cluster property in zookeeper to https, or that you did not restart your Solr instances after making that change. Setting the property is described on the page you referenced in the "SSL with SolrCloud" section. Note that it also appears your Solr instances have registered themselves with the "localhost" name instead of an actual IP address or a "real" hostname. This is going to be a problem if you ever run more than one Solr machine in your cloud, or if you use a smart client (like CloudSolrClient included with SolrJ) and access Solr from a different machine. Thanks, Shawn CONFIDENTIALITY NOTICE This e-mail message and any attachments are only for the use of the intended recipient and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient, any disclosure, distribution or other use of this e-mail message or attachments is prohibited. If you have received this e-mail message in error, please delete and notify the sender immediately. Thank you.
