Hi Shawn, Thanks for the assistance. The Master Server has a self-signed Cert with its machine name, and the Slave has a self-signed Cert with its machine name.
They have identical configurations, and I created a keystore per server. Should I import the self-signed Cert into each other’s keystore? Or are you stating that I need to copy the keystore over to the Slave instead of having the one I created? Regards, Kelly _____________________________ From: Shawn Heisey <apa...@elyograg.org> Sent: Sunday, April 22, 2018 7:56 PM Subject: Re: Solr 6.6.2 Master/Slave SSL Replication Error To: <solr-user@lucene.apache.org> On 4/22/2018 4:40 PM, Kelly Rusk wrote: > I already have a key store/trust store and my settings are as follows: > > set SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks > set SOLR_SSL_KEY_STORE_PASSWORD=secret > set SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jks > set SOLR_SSL_TRUST_STORE_PASSWORD=secret > REM Require clients to authenticate > set SOLR_SSL_NEED_CLIENT_AUTH=false > REM Enable clients to authenticate (but not require) > set SOLR_SSL_WANT_CLIENT_AUTH=false > > I am using a Master/Slave config, not a SolrCloud. > > How would I add the self-signed Cert I created on my Master node to the Slave > node? Is that what you are recommending? You will need the same SSL config, including both the key store and the the trust store, on all Solr servers. Put the keystore file and the config above on all of them. This should allow everything to work. I'm assuming that the keystore file contains just the self-signed cert and its private key? Thanks, Shawn
