This section describes how to configure Platform Services to store its passphrases in the OCS and to enable SSL communication for Platform Services.

To configure Platform Services for SSL communication, follow these steps:

  1. Copy the credential-store folder from %ENDECA_TOOLS_ROOT%\credential_store and jps-config.xml from %ENDECA_TOOLS_ROOT%\server\workspace\credential_store into any location in Platform Services.

  2. Run the manage_credentials.bat utility to store the truststore and keystore passphrases in the credential store; specify the jps-config.xml location using the --config option. For information about how to use manage_credentials.bat, see Storing generateSSLCertificates Credentials.

  3. Set the sslEnabled flag in %ENDECA_CONF%/conf/eac.properties to true when enabling the EAC server to run over SSL:

    # Set to true if Eac is sslEnabled
    # This flag is used by Eac to communicate with local EacAgent.
    
    com.endeca.eac.sslEnabled=true  
                   
  4. Uncomment the following lines in %ENDECA_CONF%/conf/eac.properties to enable either plain text passphrase or credential store (OCS) passphrase. (If both plain text passphrase and credential store (OCS) passphrases are enabled, plain text passphrases are used.)

    # One of the steps required for enabling SSL is to uncomment the following
    # SSL-related configuration options. Please see the documentation for more details.
    
    # This must be a JKS key store type
    com.endeca.eac.sslKeyStore=C:\\Endeca\\ToolsAndFrameworks\\11.1.0~
      \\deployment_template\\ssl_certs_utility\\bin\\ssl~
      \\slcw5dd.us.example.com.ks
    #com.endeca.eac.sslKeyStorePassphrase=
    
    # This must be a JKS trust store type
    com.endeca.eac.sslTrustStore=C:\\Endeca\\ToolsAndFrameworks\\11.1.0~
     \\deployment_template\\ssl_certs_utility\\bin\\ssl~
     \\TS-slcw5dd.us.example.com.ks
    
    #com.endeca.eac.sslTrustStorePassphrase=eacpass 
    
    # If using the OCS, specify values for the following parameters:
    com.endeca.eac.ocs.jpsConfigPath=C:\\Endeca\\ToolsAndFrameworks~
      \\11.1.0\\server\\workspace\\credential_store\\jps-config.xml
    com.endeca.eac.ocs.mapName=oracleCommerceSSLPassPhrase
    com.endeca.eac.sslKeyStorePassKey=ks-key
    com.endeca.eac.sslTrustStorePassKey=ts-key

  5. In %ENDECA_CONF%/conf/server.xml, make sure that any non-SSL connector is commented out, then uncomment the following SSL connector and specify your key store and trust store files and passphrases:

    <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
    <Connector port="8443" maxHttpHeaderSize="8192" SSLEnabled="true"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="true" sslEnabledProtocols="TLSv1.1,TLSv1.2"
               keystoreFile="C:/Endeca/ToolsAndFrameworks/11.1.0/deployment_template~
                 /ssl_certs_utility/bin/ssl/slcw5dd.us.example.com.ks"
               keystorePass="eacpass"
               truststoreFile="C:/Endeca/ToolsAndFrameworks/11.1.0/deployment_template~
                 /ssl_certs_utility/bin/ssl/TS-slcw5dd.us.example.com.ks"
               truststorePass="eacpass"
               URIEncoding="UTF-8"/>
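
Step 4 notes that plain text passphrases are used when both plain text and OCS passphrases are enabled, so a passphrase line left uncommented silently bypasses the credential store. The following check is an added example, not part of the product or the original page: it reports which passphrase source is in effect in eac.properties. The sample file content and its jps-config.xml path are constructed, and the parser ignores .properties line continuations.

```python
# Added example: report which passphrase source eac.properties puts in effect.
# Simplified parser: backslash line continuations in .properties are not handled.
PLAINTEXT_KEYS = ("com.endeca.eac.sslKeyStorePassphrase",
                  "com.endeca.eac.sslTrustStorePassphrase")
OCS_KEYS = ("com.endeca.eac.ocs.jpsConfigPath", "com.endeca.eac.ocs.mapName",
            "com.endeca.eac.sslKeyStorePassKey", "com.endeca.eac.sslTrustStorePassKey")

# Constructed sample: OCS fully configured, one plain text passphrase left active.
SAMPLE_BOTH = r"""com.endeca.eac.sslEnabled=true
com.endeca.eac.sslTrustStorePassphrase=example-passphrase
com.endeca.eac.ocs.jpsConfigPath=C:\\Endeca\\PlatformServices\\credential_store\\jps-config.xml
com.endeca.eac.ocs.mapName=oracleCommerceSSLPassPhrase
com.endeca.eac.sslKeyStorePassKey=ks-key
com.endeca.eac.sslTrustStorePassKey=ts-key
"""

def parse_properties(text):
    # Keep only active (uncommented) key=value lines; '#' and '!' start comments.
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit(text):
    # Returns (source, findings); source is "plaintext", "ocs" or "none".
    props = parse_properties(text)
    findings = []
    if props.get("com.endeca.eac.sslEnabled", "").lower() != "true":
        findings.append("com.endeca.eac.sslEnabled is not true")
    plaintext = [k for k in PLAINTEXT_KEYS if k in props]  # any uncommented key counts
    missing_ocs = [k for k in OCS_KEYS if not props.get(k)]
    if plaintext:
        source = "plaintext"
        findings += [f"plain text passphrase active: {k}" for k in plaintext]
        if not missing_ocs:
            findings.append("OCS is configured but plain text takes precedence")
    elif not missing_ocs:
        source = "ocs"
    else:
        source = "none"
        findings += [f"OCS parameter missing: {k}" for k in missing_ocs]
    return source, findings

if __name__ == "__main__":
    print(audit(SAMPLE_BOTH))
```
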

