On 12/13/2017 10:06 AM, Sundaram, Dinesh wrote:
Thanks Shawn, this helps. Now getting the below exception, is there any way to
avoid verifying this?
2017-12-13 17:00:39.239 DEBUG
(httpShardExecutor-4-thread-1-processing-n:xx.xx.xx.xx:8983_solr
[https:////xx.xx.xx.xx:8983//solr] https:////xx.xx.xx.xx:8983//solr) [ ]
o.a.h.c.s.DefaultHostnameVerifier Certificate for <xx.xx.xx.xx> doesn't match
common name of the certificate subject: xx.xx.xx.xx.com
javax.net.ssl.SSLPeerUnverifiedException: Certificate for <xx.xx.xx.xx> doesn't
match common name of the certificate subject: xx.xx.xx.xx.com
If you're running 6.x, then you can disable the hostname verification.
But if you're running 7.x, there's a bug that breaks it:
https://issues.apache.org/jira/browse/SOLR-9304
There's a patch on the issue, but it hasn't been tested, so I have no
idea whether it works. Even if it works, the patch is incomplete
because it doesn't have a test to verify the problem doesn't happen again.
An alternate idea would be to add all the possible hostnames to the
certificate you're using, and make sure the trust stores are valid, so
all of the cert verification will work.
Thanks,
Shawn
