snooyen
commented
4 years ago @AkarshES Were you able to resolve this?
Open AkarshES opened 5 years ago
snooyen
commented
4 years ago @AkarshES Were you able to resolve this?
AkarshES
commented
4 years ago Nope, I could not figure it. Its close to a year now, I am not sure what I ended up trying to debug.
snooyen
commented
4 years ago Really strange. I can't get it to work on EKS, but I'm seeing it work on AKS.
snooyen
commented
4 years ago Figured it out.
You need to set a Subject on the certificate that you create
snooyen
commented
4 years ago Here's the verbose error:
keytool error: java.io.IOException: keystore password was incorrect
java.io.IOException: keystore password was incorrect
at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source)
at java.base/sun.security.util.KeyStoreDelegator.engineLoad(Unknown Source)
at java.base/java.security.KeyStore.load(Unknown Source)
at java.base/sun.security.tools.keytool.Main.doCommands(Unknown Source)
at java.base/sun.security.tools.keytool.Main.run(Unknown Source)
at java.base/sun.security.tools.keytool.Main.main(Unknown Source)
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: java.security.cert.CertificateParsingException: X.509 Certificate is incomplete: subject field is empty, and SubjectAlternativeName extension is absent
DumboJet
commented
2 years ago Same issue here.
And I do have a CN on my certificate, matching the one on my SOLR_HOST environment variable.
I followed the instructions given for enabling SSL. The init container setup-keystore-and-properties errors out with the following output. I have used the default password of 'changeit' for the password.
unable to write 'random state' Importing keystore /tmp/keystore.pkcs12 to /tmp/keystore/solr.jks... keytool error: java.io.IOException: keystore password was incorrect