This section describes how to configure Platform Services to store its passphrases in the OCS and to enable SSL communication for Platform Services.
Note: In several lines of the following sample code, line breaks (denoted by the symbol ~) were inserted to make the lines fit the width of the page. Do not insert line breaks into lines of actual working code.
To configure Platform Services for SSL communication, follow these steps:
1. Copy the credential-store folder from %ENDECA_TOOLS_ROOT%\credential_store and jps-config.xml from %ENDECA_TOOLS_ROOT%\server\workspace\credential_store into any location in Platform Services.

2. Run the manage_credentials.bat utility to store the truststore and keystore passphrases in the credential store; specify the jps-config.xml location using the --config option. For information about how to use manage_credentials.bat, see Storing generateSSLCertificates Credentials.

3. Set the sslEnabled flag in %ENDECA_CONF%/conf/eac.properties to true when enabling the EAC server to run over SSL:

    # Set to true if Eac is sslEnabled
    # This flag is used by Eac to communicate with local EacAgent.
    com.endeca.eac.sslEnabled=true

4. Uncomment the following lines in %ENDECA_CONF%/conf/eac.properties to enable either plain text passphrases or credential store (OCS) passphrases. (If both plain text passphrases and credential store (OCS) passphrases are enabled, plain text passphrases are used.)

    # One of the steps required for enabling SSL is to uncomment the following
    # SSL-related configuration options. Please see the documentation for more details.
    # This must be a JKS key store type
    com.endeca.eac.sslKeyStore=C:\\Endeca\\ToolsAndFrameworks\\11.1.0~
    \\deployment_template\\ssl_certs_utility\\bin\\ssl~
    \\slcw5dd.us.example.com.ks
    #com.endeca.eac.sslKeyStorePassphrase=
    # This must be a JKS trust store type
    com.endeca.eac.sslTrustStore=C:\\Endeca\\ToolsAndFrameworks\\11.1.0~
    \\deployment_template\\ssl_certs_utility\\bin\\ssl~
    \\TS-slcw5dd.us.example.com.ks
    #com.endeca.eac.sslTrustStorePassphrase=eacpass
    # If using the OCS, specify values for the following parameters:
    com.endeca.eac.ocs.jpsConfigPath=C:\\Endeca\\ToolsAndFrameworks~
    \\11.1.0\\server\\workspace\\credential_store\\jps-config.xml
    com.endeca.eac.ocs.mapName=oracleCommerceSSLPassPhrase
    com.endeca.eac.sslKeyStorePassKey=ks-key
    com.endeca.eac.sslTrustStorePassKey=ts-key

5. In %ENDECA_CONF%/conf/server.xml, make sure that any non-SSL connector is commented out, then uncomment the following SSL connector and specify your key store and trust store files and passphrases:

    <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
    <Connector port="8443" maxHttpHeaderSize="8192" SSLEnabled="true"
        maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
        enableLookups="false" disableUploadTimeout="true"
        acceptCount="100" scheme="https" secure="true"
        clientAuth="true" sslEnabledProtocols="TLSv1.1,TLSv1.2"
        keystoreFile="C:/Endeca/ToolsAndFrameworks/11.1.0/deployment_template~
        /ssl_certs_utility/bin/ssl/slcw5dd.us.example.com.ks"
        keystorePass="eacpass"
        truststoreFile="C:/Endeca/ToolsAndFrameworks/11.1.0/deployment_template~
        /ssl_certs_utility/bin/ssl/TS-slcw5dd.us.example.com.ks"
        truststorePass="eacpass"
        URIEncoding="UTF-8"/>
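Because plain text passphrases are used whenever both sources are enabled, a leftover uncommented passphrase line silently bypasses the credential store. The following check for eac.properties is an added example, not part of the product or of the original documentation; the function names and the sample input are constructed for illustration, and only the property names come from the steps above.

```python
PLAIN_KEYS = ("com.endeca.eac.sslKeyStorePassphrase",
              "com.endeca.eac.sslTrustStorePassphrase")
OCS_KEYS = ("com.endeca.eac.ocs.jpsConfigPath", "com.endeca.eac.ocs.mapName",
            "com.endeca.eac.sslKeyStorePassKey",
            "com.endeca.eac.sslTrustStorePassKey")
STORE_KEYS = ("com.endeca.eac.sslKeyStore", "com.endeca.eac.sslTrustStore")
# Constructed sample, not a real deployment: paths and values are placeholders.
SAMPLE = r"""
com.endeca.eac.sslEnabled=true
com.endeca.eac.sslKeyStore=C:\\example\\ssl\\host.ks
com.endeca.eac.sslTrustStore=C:\\example\\ssl\\TS-host.ks
com.endeca.eac.sslTrustStorePassphrase=placeholder
com.endeca.eac.ocs.jpsConfigPath=C:\\example\\credential_store\\jps-config.xml
com.endeca.eac.ocs.mapName=oracleCommerceSSLPassPhrase
com.endeca.eac.sslKeyStorePassKey=ks-key
"""

def active_properties(text):
    """Return uncommented key=value pairs (simple one-line entries only)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit_eac_properties(text):
    """List findings for the SSL and passphrase settings in eac.properties."""
    props = active_properties(text)
    findings = []
    if props.get("com.endeca.eac.sslEnabled", "").lower() != "true":
        findings.append("com.endeca.eac.sslEnabled is not true")
    findings += [f"{k} is not set" for k in STORE_KEYS if not props.get(k)]
    # Assumption: any uncommented passphrase line counts as enabled.
    plain = [k for k in PLAIN_KEYS if k in props]
    ocs_missing = [k for k in OCS_KEYS if not props.get(k)]
    ocs_used = len(ocs_missing) < len(OCS_KEYS)
    for k in plain:
        suffix = "; it takes precedence over the OCS entry" if ocs_used else ""
        findings.append(f"{k} holds a plain text passphrase{suffix}")
    if ocs_used:
        findings += [f"OCS is configured but {k} is missing" for k in ocs_missing]
    elif not plain:
        findings.append("no passphrase source is configured")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_eac_properties(SAMPLE)))
```

An empty result means SSL is enabled, both stores are set, and passphrases come only from a fully specified OCS configuration.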