Disable Host name verification in Solr SSL setup using self-signed certificate

Question

I am using Solr as search server and saving all my data in Solr. I am using Solr version 5.5.2. Solr is running in SSL mode with self signed certificate with hostname as localhost. I can not add hostname here as at the time of certificate generation I don't have machine name where its going be installed.

I am connecting to this solr server from wildfly 10. On wildfly 10 I have added my solr certificate as trusted so it is not complaining about self signed certificate but as my wildfly is on different host I am calling solr using hostname in URL and wildfly is raising below error.

Caused by: org.apache.solr.client.solrj.SolrServerException: IOException occured when talking to server at: https://SOLR_HOST:8983/solr/default_core
        at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:589)
        at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:240)
        at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:229)
        at org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:149)
        at org.apache.solr.client.solrj.SolrClient.query(SolrClient.java:974)
        at org.apache.solr.client.solrj.SolrClient.query(SolrClient.java:990)
        at org.springframework.data.solr.core.SolrTemplate$11.doInSolr(SolrTemplate.java:512)
        at org.springframework.data.solr.core.SolrTemplate$11.doInSolr(SolrTemplate.java:509)
        at org.springframework.data.solr.core.SolrTemplate.execute(SolrTemplate.java:168)
        ... 66 more
Caused by: javax.net.ssl.SSLException: Certificate for <SOLR_HOST> doesn't match common name of the certificate subject: localhost
        at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:173)
        at org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:61)
        at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:141)
        at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:114)
        at org.apache.http.conn.ssl.SSLSocketFactory.verifyHostname(SSLSocketFactory.java:580)
        at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:554)
        at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:412)
        at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:179)
        at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:328)
        at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:612)
        at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:447)
        at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:884)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
        at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:481)
        ... 74 more

As I am not exposing my solr server outside my network I just want to ignore this error and disable hostname verification. HttpClient here is created by Solrj and managed within SolrTemplate so we do not have control to add custom strategy as suggested here

Basically I want to disable hostname verification for my setup. Any suggestion on this will be highly appreciated.

Answer 1

I figure out way from their source code. Solr is checking for below property when creating HttpClient object. Default value is true if we set it to false then Solr wont check hostname in SSL.

-Dsolr.ssl.checkPeerName=false

Set this property into your wildfly startup script or whatever program you are running and it should work fine. Solr will no more verify hostname of URL with hostname of self-signed certificate.