Editing eaccmd to enable SSL communication with the EAC server

To enable SSL communication with the EAC server, follow these steps:

  1. Edit eaccmd.bat or eaccmd.sh to configure SSL communication with the EAC server.

    (a). Edit eaccmd.bat and eaccmd.sh to set the keystore (keystore.ks) and truststore (truststore.ks) files as JVM args, which will be used while communicating with EAC central server in SSL mode:

    eaccmd.bat 

    IF EXIST %ENDECA_CONF%\conf\truststore.ks ( SET
		  TRUSTSTORE=%ENDECA_CONF%\conf\truststore.ks
		  ) ELSE (
		  SET TRUSTSTORE=%EAC_ROOT%\..\workspace\conf\truststore.ks
		  )
		  IF EXIST %ENDECA_CONF%\conf\keystore.ks ( SET
		  KEYSTORE=%ENDECA_CONF%\conf\keystore.ks
		  ) ELSE (
		  SET KEYSTORE=%EAC_ROOT%\..\workspace\conf\keystore.ks
		  )
		  ……
		  SET JVM_ARGS=%JVM_ARGS% -Djavax.net.ssl.trustStore=%TRUSTSTORE%
		  -Djavax.net.ssl.trustStoreType=JKS
		  -Djavax.net.ssl.trustStorePassword=eacpass
		  SET JVM_ARGS=%JVM_ARGS% -Djavax.net.ssl.keyStore=%KEYSTORE%
		  -Djavax.net.ssl.keyStoreType=JKS
		  -Djavax.net.ssl.keyStorePassword=eacpass

    To make use of the credential store, pass keystore and truststore passphrase; thus: 

     SET JVM_ARGS=%JVM_ARGS% -Djavax.net.ssl.trustStore=%TRUSTSTORE%
		  -Djavax.net.ssl.trustStoreType=JKS
		  SET JVM_ARGS=%JVM_ARGS% -Djavax.net.ssl.keyStore=%KEYSTORE%
		  -Djavax.net.ssl.keyStoreType=JKS

    eaccmd.sh 

    if [ -f $ENDECA_CONF/conf/truststore.ks ]; then
        TRUSTSTORE=$ENDECA_CONF/conf/truststore.ks
else
        TRUSTSTORE=$EAC_ROOT/../../workspace/conf/truststore.ks
fi

if [ -f $ENDECA_CONF/conf/keystore.ks ]; then
        KEYSTORE=$ENDECA_CONF/conf/keystore.ks
else
        KEYSTORE=$EAC_ROOT/../../workspace/conf/keystore.ks
fi

JVM_ARGS="$JVM_ARGS -Djavax.net.ssl.trustStore=$TRUSTSTORE -Djavax.net.ssl.trustStoreType=JKS -Djavax.net.ssl.trustStorePassword=eacpass"
JVM_ARGS="$JVM_ARGS -Djavax.net.ssl.keyStore=$KEYSTORE -Djavax.net.ssl.keyStoreType=JKS -Djavax.net.ssl.keyStorePassword=eacpass"

    To make use of the credential store, pass keystore and truststore passphrase as follows: 

    JVM_ARGS="$JVM_ARGS -Djavax.net.ssl.trustStore=$TRUSTSTORE -Djavax.net.ssl.trustStoreType=JKS"
JVM_ARGS="$JVM_ARGS -Djavax.net.ssl.keyStore=$KEYSTORE -Djavax.net.ssl.keyStoreType=JKS"

    (b). To make use of credential store, edit eaccmd.bat and eaccmd.sh to pass credentials to the OCS:

    eaccmd.bat 

     rem If using a credential store mention the below parameter values
		  and rem avoid giving passphrase as java args. 
		  # jps-config.xml location 
		  set JPSCONFIGPATH= 
		  # mapName used to store ssl passphrases 
		  set MAPNAME= 
		  # key used to store truststore passphrase 
		  set TRUSTSTOREKEY= 
		  # key used to store keystore passphrase 
		  set KEYSTOREKEY=

    eaccmd.sh 

    # Specify the credential store details to avoid passphrase in plaintext 
		  # JPSCONFIGPATH= 
		  # MAPNAME= 
		  # TRUSTSTOREKEY= 
		  # KEYSTOREKEY=

  2. Run the eaccmd utility using the following syntax: 

    eaccmd fully-qualified-hostname:SSL-port command --force-ssl

    For example: 

    eaccmd slcw5dd.us.example.com:8443 list-apps --force-ssl

    For information about the syntax of the eaccmd utility, refer to the Oracle Commerce Guided Search Platform Services Application Controller Guide.

    Note

    You can also specify the fully qualified hostname and SSL port (8443) in the %ENDECA_CONF%/conf/eaccmd.properties file, rather than in the eaccmd utility command line; for example: 

    host=slcw5dd.us.example.com			 
port=8443

Copyright © Legal Notices