Makes perfect sense! Should I use the key tool to import the Certs? If so, do you have an example you prefer or should I just pull from the docs?
Regards, Kelly _____________________________ From: Shawn Heisey <apa...@elyograg.org> Sent: Sunday, April 22, 2018 8:40 PM Subject: Re: Solr 6.6.2 Master/Slave SSL Replication Error To: <solr-user@lucene.apache.org> On 4/22/2018 6:27 PM, Kelly Rusk wrote: > Thanks for the assistance. The Master Server has a self-signed Cert with its > machine name, and the Slave has a self-signed Cert with its machine name. > > They have identical configurations, and I created a keystore per server. > Should I import the self-signed Cert into each other’s keystore? Or are you > stating that I need to copy the keystore over to the Slave instead of having > the one I created? For the way you have it now, the trust store will need all of the certificates of all of the servers. It's the remote certificate that must be validated, so having just the local certificate in the trust store doesn't do you any good. A better option would be to have one certificate that covers all of the names you're using, and have all the servers set up identically. Thanks, Shawn
