I would like to check if it is possible for CKAN to connect to SSL/TLS solr and redis?
I have created CA and certificate (signed by CA) using openssl, then I imported the certificates into the certificate manager in linux, here is what I did to import to the certificate manager.
In Dockerfile of solr,
COPY solrCA.crt /usr/local/share/ca-certificates/solrCA.crt
RUN cat /usr/local/share/ca-certificates/solrCA.crt >> /etc/ssl/certs/ca-certificates.crt
RUN update-ca-certificates
then in the solr's environment variable, I have indicated these env variables, (I have mounted all certificates into /var/solr/ssl)
SOLR_SSL_KEY_STORE=/var/solr/ssl/solrCA.pfx`=
SOLR_SSL_KEY_STORE=
SOLR_SSL_KEY_STORE_TYPE=PKCS12
SOLR_SSL_TRUST_STORE=/var/solr/ssl/solr.p12
SOLR_SSL_TRUST_STORE_PASSWORD=
SOLR_SSL_TRUST_STORE_TYPE=PKCS12
SOLR_SSL_NEED_cLIENT_AUTH=true
SOLR_SSL_WANT_cLIENT_AUTH=true
SOLR_SSL_CHECK_PEER_NAME=true
After configured the above, my ckan program hit with the below error
[ckan.lib.search.common] Failed to connect to server at https://solr:8983/solr/ckan/select/?q=........: HTTPSConnectionPool(host='solr'. port=8983): Max retries exceed with url: /solr/ckan/select/?q-..... (Caused by SSLError(SSLCertVerificationError[1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:997)')))