To enable SSL communication with the EAC server, follow these steps:
Edit
eaccmd.bat
oreaccmd.sh
to configure SSL communication with the EAC server.(a). Edit
eaccmd.bat
andeaccmd.sh
to set the keystore (keystore.ks
) and truststore (truststore.ks
) files as JVM args, which will be used while communicating with EAC central server in SSL mode:eaccmd.bat
IF EXIST %ENDECA_CONF%\conf\truststore.ks ( SET TRUSTSTORE=%ENDECA_CONF%\conf\truststore.ks ) ELSE ( SET TRUSTSTORE=%EAC_ROOT%\..\workspace\conf\truststore.ks ) IF EXIST %ENDECA_CONF%\conf\keystore.ks ( SET KEYSTORE=%ENDECA_CONF%\conf\keystore.ks ) ELSE ( SET KEYSTORE=%EAC_ROOT%\..\workspace\conf\keystore.ks ) …… SET JVM_ARGS=%JVM_ARGS% -Djavax.net.ssl.trustStore=%TRUSTSTORE% -Djavax.net.ssl.trustStoreType=JKS -Djavax.net.ssl.trustStorePassword=eacpass SET JVM_ARGS=%JVM_ARGS% -Djavax.net.ssl.keyStore=%KEYSTORE% -Djavax.net.ssl.keyStoreType=JKS -Djavax.net.ssl.keyStorePassword=eacpass
To make use of the credential store, pass keystore and truststore passphrase; thus:
SET JVM_ARGS=%JVM_ARGS% -Djavax.net.ssl.trustStore=%TRUSTSTORE% -Djavax.net.ssl.trustStoreType=JKS SET JVM_ARGS=%JVM_ARGS% -Djavax.net.ssl.keyStore=%KEYSTORE% -Djavax.net.ssl.keyStoreType=JKS
eaccmd.sh
if [ -f $ENDECA_CONF/conf/truststore.ks ]; then TRUSTSTORE=$ENDECA_CONF/conf/truststore.ks else TRUSTSTORE=$EAC_ROOT/../../workspace/conf/truststore.ks fi if [ -f $ENDECA_CONF/conf/keystore.ks ]; then KEYSTORE=$ENDECA_CONF/conf/keystore.ks else KEYSTORE=$EAC_ROOT/../../workspace/conf/keystore.ks fi JVM_ARGS="$JVM_ARGS -Djavax.net.ssl.trustStore=$TRUSTSTORE -Djavax.net.ssl.trustStoreType=JKS -Djavax.net.ssl.trustStorePassword=eacpass" JVM_ARGS="$JVM_ARGS -Djavax.net.ssl.keyStore=$KEYSTORE -Djavax.net.ssl.keyStoreType=JKS -Djavax.net.ssl.keyStorePassword=eacpass"
To make use of the credential store, pass keystore and truststore passphrase as follows:
JVM_ARGS="$JVM_ARGS -Djavax.net.ssl.trustStore=$TRUSTSTORE -Djavax.net.ssl.trustStoreType=JKS" JVM_ARGS="$JVM_ARGS -Djavax.net.ssl.keyStore=$KEYSTORE -Djavax.net.ssl.keyStoreType=JKS"
(b). To make use of credential store, edit
eaccmd.bat
andeaccmd.sh
to pass credentials to the OCS:eaccmd.bat
rem If using a credential store mention the below parameter values and rem avoid giving passphrase as java args. # jps-config.xml location set JPSCONFIGPATH= # mapName used to store ssl passphrases set MAPNAME= # key used to store truststore passphrase set TRUSTSTOREKEY= # key used to store keystore passphrase set KEYSTOREKEY=
eaccmd.sh
# Specify the credential store details to avoid passphrase in plaintext # JPSCONFIGPATH= # MAPNAME= # TRUSTSTOREKEY= # KEYSTOREKEY=
Run the
eaccmd
utility using the following syntax:eaccmd fully-qualified-hostname:SSL-port command --force-ssl
For example:
eaccmd slcw5dd.us.example.com:8443 list-apps --force-ssl
For information about the syntax of the
eaccmd
utility, refer to the Oracle Commerce Guided Search Platform Services Application Controller Guide.