Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

wildcard cert ranger solr audit does not match certificate CN to wildcard

avatar
Expert Contributor

Hi

So I am attempting to use my CA signed cert for ranger auditing. Although I don't have the complete setup running yet one of the issues I am facing is that ranger cannot initiate the solr collection because of the following error

Note that this is a CA issued wildcard cert for *.my-company.com and it works properly across certs and other products. Why is it that it is trying to use the ip address rather than the hostname which would probably then give the right result.

I have looked around in the exported blueprint and I don't any reference to the ip ; just the hostname which all end with *.my-company.com and thus they should be resolved.

Am using solr cloud so the ranger.audit.solr.urls = "" and the ranger.audit.solr.zookeepers="server1.my-company.com:2181,server2.my-company.com:2181,server3.my-company.com:2181/infra-solr"

No live SolrServers available to handle this request:[https://192.168.10.20:8886/solr]
org.apache.solr.client.solrj.SolrServerException: No live SolrServers available to handle this request:[https://192.168.10.20:8886/solr]
	at org.apache.solr.client.solrj.impl.LBHttpSolrClient.request(LBHttpSolrClient.java:352)
	at org.apache.solr.client.solrj.impl.CloudSolrClient.sendRequest(CloudSolrClient.java:1121)
	at org.apache.solr.client.solrj.impl.CloudSolrClient.requestWithRetryOnStaleState(CloudSolrClient.java:891)
	at org.apache.solr.client.solrj.impl.CloudSolrClient.request(CloudSolrClient.java:827)
	at org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:149)
	at org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:166)
	at org.apache.ambari.logsearch.solr.commands.AbstractSolrRetryCommand.createAndProcessRequest(AbstractSolrRetryCommand.java:43)
	at org.apache.ambari.logsearch.solr.commands.AbstractRetryCommand.retry(AbstractRetryCommand.java:45)
	at org.apache.ambari.logsearch.solr.commands.AbstractRetryCommand.run(AbstractRetryCommand.java:40)
	at org.apache.ambari.logsearch.solr.AmbariSolrCloudClient.listCollections(AmbariSolrCloudClient.java:102)
	at org.apache.ambari.logsearch.solr.AmbariSolrCloudClient.createCollection(AmbariSolrCloudClient.java:109)
	at org.apache.ambari.logsearch.solr.AmbariSolrCloudCLI.main(AmbariSolrCloudCLI.java:473)
Caused by: org.apache.solr.client.solrj.SolrServerException: IOException occured when talking to server at: https://192.168.10.20:8886/solr
	at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:590)
	at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:241)
	at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:230)
	at org.apache.solr.client.solrj.impl.LBHttpSolrClient.doRequest(LBHttpSolrClient.java:372)
	at org.apache.solr.client.solrj.impl.LBHttpSolrClient.request(LBHttpSolrClient.java:325)
	... 11 more
Caused by: javax.net.ssl.SSLException: Certificate for <192.168.10.20> doesn't match common name of the certificate subject: *.my-company.com
	at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:172)
	at org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:61)
	at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:140)
	at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:114)
	at org.apache.http.conn.ssl.SSLSocketFactory.verifyHostname(SSLSocketFactory.java:569)
	at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:544)
	at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409)
	at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
	at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
	at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
	at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
	at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
	at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:482)
	... 15 more
1 ACCEPTED SOLUTION

avatar
Expert Contributor
1 REPLY 1

avatar
Expert Contributor