SSL initContainer failed with "keytool error: java.io.IOException: keystore password was incorrect"

[AkarshES]

I followed the instructions given for enabling SSL. The init container setup-keystore-and-properties errors out with the following output. I have used the default password of 'changeit' for the password.

unable to write 'random state' Importing keystore /tmp/keystore.pkcs12 to /tmp/keystore/solr.jks... keytool error: java.io.IOException: keystore password was incorrect

[snooyen]

@AkarshES Were you able to resolve this?

[AkarshES]

Nope, I could not figure it. Its close to a year now, I am not sure what I ended up trying to debug.

[snooyen]

Really strange. I can't get it to work on EKS, but I'm seeing it work on AKS.

[snooyen]

Figured it out.
You need to set a Subject on the certificate that you create

[snooyen]

Here's the verbose error:

keytool error: java.io.IOException: keystore password was incorrect
java.io.IOException: keystore password was incorrect
	at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source)
	at java.base/sun.security.util.KeyStoreDelegator.engineLoad(Unknown Source)
	at java.base/java.security.KeyStore.load(Unknown Source)
	at java.base/sun.security.tools.keytool.Main.doCommands(Unknown Source)
	at java.base/sun.security.tools.keytool.Main.run(Unknown Source)
	at java.base/sun.security.tools.keytool.Main.main(Unknown Source)
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: java.security.cert.CertificateParsingException: X.509 Certificate is incomplete: subject field is empty, and SubjectAlternativeName extension is absent

[DumboJet]

Same issue here. And I do have a CN on my certificate, matching the one on my SOLR_HOST environment variable.