About configuring SSL in Workbench

SSL is disabled by default for Workbench as a server.

To enable SSL security between Workbench and its clients, you must do the following:

Clients can make secure connections to Workbench either by taking advantage of a redirect from the non-SSL port or, if you have disabled the non-SSL port or do not wish to use the redirect, by making an HTTPS connection directly to the SSL port.

Workbench supports version 3.0 of the Secure Sockets Layer (SSL) protocol for its communication endpoints.

The non-SSL version of Oracle Commerce Workbench is installed by default.

To enable the SSL version of Workbench:

  1. Stop the Endeca Tools Service.

  2. Navigate to %ENDECA_TOOLS_CONF%\conf\Standalone\localhost (on Windows) or $ENDECA_TOOLS_CONF/conf/Standalone/localhost (on UNIX).

  3. Open the ROOT.xml file.

  4. Locate the line in which the docBase is defined.

    For example: 

    docBase="${catalina.base}/../webapps/workbench-legacy-tools-3.1.1.war"

    Note

    The file name in the example may not match the one in your installation.

  5. Change this to point to the SSL version of the WAR by adding -ssl to the filename.

    For example: 

    docBase="${catalina.base}/../workbench-legacy-tools-3.1.1-ssl.war"

  6. Save and close the file.

  7. Start the Endeca Tools Service.

If you want to restore the non-SSL version at a later date, you can reverse the process by editing the ROOT.xml file accordingly.

Before you can use SSL with Workbench, you must edit its server.xml file as described.

This procedure assumes you have already generated server certificates for Workbench as described in the Oracle Commerce Guided Search Security Guide and uploaded them to the Endeca Workbench server.

To enable the HTTPS connector:

  1. Stop the Endeca Tools Service.

  2. Navigate to %ENDECA_TOOLS_CONF%\conf (on Windows) or $ENDECA_TOOLS_CONF/conf (on UNIX).

  3. Open the server.xml file.

  4. Locate and remove the comments around the Connector element for port 8446 as follows: 

    <Connector port="8446" SSLEnabled="true"
protocol="org.apache.coyote.http11.Http11Protocol"
maxPostSize="0"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" 
keystoreFile="conf/eac.ks" keystorePass="eacpass" 
truststoreFile="conf/ca.ks" truststorePass="eacpass"
/>

  5. Optionally, change the port number to something other than 8446 if you do not want to use that default.

    If you do not use the default port, update the redirectPort attribute on the non-SSL HTTP connector to point to the new port as in the following example: 

    <!-- Define a non-SSL HTTP/1.1 Connector on port 8006 -->
 <Connector port="8006" maxHttpHeaderSize="8192"
  maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
  enableLookups="true" redirectPort="8446" acceptCount="10" 
  connectionTimeout="60000" disableUploadTimeout="true" debug="0"
  URIEncoding="UTF-8"/>

  6. If you want to disable the redirect from the non-secure port to the secure port, comment out the non-SSL connector in the server.xml file. By default, the redirect is enabled.

  7. Update the keystoreFile, keystorePass, truststoreFile, and truststorePass with the appropriate values for your certificates.

    The keystoreFile and truststoreFile values should be the paths to the location where you uploaded your keystore and truststore files. These paths can be specified as absolute paths, or paths relative to ENDECA_TOOLS_CONF, although the files themselves can be located anywhere on the server.

  8. Save and close the file.

  9. Start the Endeca Tools Service.

Copyright © Legal Notices