Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

wildcard cert ranger solr audit does not match certificate CN to wildcard

Solved Go to solution

wildcard cert ranger solr audit does not match certificate CN to wildcard

Rising Star

Hi

So I am attempting to use my CA signed cert for ranger auditing. Although I don't have the complete setup running yet one of the issues I am facing is that ranger cannot initiate the solr collection because of the following error

Note that this is a CA issued wildcard cert for *.my-company.com and it works properly across certs and other products. Why is it that it is trying to use the ip address rather than the hostname which would probably then give the right result.

I have looked around in the exported blueprint and I don't any reference to the ip ; just the hostname which all end with *.my-company.com and thus they should be resolved.

Am using solr cloud so the ranger.audit.solr.urls = "" and the ranger.audit.solr.zookeepers="server1.my-company.com:2181,server2.my-company.com:2181,server3.my-company.com:2181/infra-solr"

No live SolrServers available to handle this request:[https://192.168.10.20:8886/solr]
org.apache.solr.client.solrj.SolrServerException: No live SolrServers available to handle this request:[https://192.168.10.20:8886/solr]
	at org.apache.solr.client.solrj.impl.LBHttpSolrClient.request(LBHttpSolrClient.java:352)
	at org.apache.solr.client.solrj.impl.CloudSolrClient.sendRequest(CloudSolrClient.java:1121)
	at org.apache.solr.client.solrj.impl.CloudSolrClient.requestWithRetryOnStaleState(CloudSolrClient.java:891)
	at org.apache.solr.client.solrj.impl.CloudSolrClient.request(CloudSolrClient.java:827)
	at org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:149)
	at org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:166)
	at org.apache.ambari.logsearch.solr.commands.AbstractSolrRetryCommand.createAndProcessRequest(AbstractSolrRetryCommand.java:43)
	at org.apache.ambari.logsearch.solr.commands.AbstractRetryCommand.retry(AbstractRetryCommand.java:45)
	at org.apache.ambari.logsearch.solr.commands.AbstractRetryCommand.run(AbstractRetryCommand.java:40)
	at org.apache.ambari.logsearch.solr.AmbariSolrCloudClient.listCollections(AmbariSolrCloudClient.java:102)
	at org.apache.ambari.logsearch.solr.AmbariSolrCloudClient.createCollection(AmbariSolrCloudClient.java:109)
	at org.apache.ambari.logsearch.solr.AmbariSolrCloudCLI.main(AmbariSolrCloudCLI.java:473)
Caused by: org.apache.solr.client.solrj.SolrServerException: IOException occured when talking to server at: https://192.168.10.20:8886/solr
	at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:590)
	at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:241)
	at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:230)
	at org.apache.solr.client.solrj.impl.LBHttpSolrClient.doRequest(LBHttpSolrClient.java:372)
	at org.apache.solr.client.solrj.impl.LBHttpSolrClient.request(LBHttpSolrClient.java:325)
	... 11 more
Caused by: javax.net.ssl.SSLException: Certificate for <192.168.10.20> doesn't match common name of the certificate subject: *.my-company.com
	at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:172)
	at org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:61)
	at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:140)
	at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:114)
	at org.apache.http.conn.ssl.SSLSocketFactory.verifyHostname(SSLSocketFactory.java:569)
	at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:544)
	at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409)
	at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
	at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
	at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
	at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
	at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
	at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:482)
	... 15 more
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: wildcard cert ranger solr audit does not match certificate CN to wildcard

Rising Star
1 REPLY 1
Highlighted

Re: wildcard cert ranger solr audit does not match certificate CN to wildcard

Rising Star