Enabling SSL for the CAS Command-line Utilities

This procedure establishes a secure connection between all of the CAS Command-line Utilities and the Web services running in the Endeca CAS Service. Recall that the CAS Command-line Utilities include the CAS Server Command-line Utility, the Component Instance Manager Command-line Utility, and the Record Store Command-line Utility.

To enable SSL in the CAS command-line utilities:

  1. Navigate to <install path>\CAS\version\bin on Windows or <install path>/CAS/version/bin on UNIX.
  2. To enable SSL in the CAS Server Command-line Utility, open either cas-cmd.bat (for Windows) or cas-cmd.sh (for UNIX) in a text editor.
  3. Uncomment the Java options for the truststore location (-Djavax.net.ssl.trustStore), type (-Djavax.net.ssl.trustStoreType), and password (-Djavax.net.ssl.trustStorePassword).
  4. Replace the tokens listed below for the truststore location path, type, and password values as appropriate for your environment.
    Property                            Token to replace
    javax.net.ssl.trustStore            @TRUSTSTORE_FILE@
    javax.net.ssl.trustStorePassword    @TRUSTSTORE_PASSWORD@
    javax.net.ssl.trustStoreType        JKS
    For example, on Windows, uncomment and modify options similar to the following:
    REM Setup the Trust Store
    SET JVM_ARGS=-Djavax.net.ssl.trustStore="C:\Endeca\CAS\workspace\conf\truststore.ks" %JVM_ARGS%
    SET JVM_ARGS=-Djavax.net.ssl.trustStoreType=JKS %JVM_ARGS%
    SET JVM_ARGS=-Djavax.net.ssl.trustStorePassword=endeca %JVM_ARGS%
    For example, on UNIX, uncomment and modify options similar to the following:
    # Setup the Trust Store
    JVM_ARGS="$JVM_ARGS -Djavax.net.ssl.trustStore=$CAS_WORKSPACE/conf/truststore.ks"
    JVM_ARGS="$JVM_ARGS -Djavax.net.ssl.trustStoreType=JKS"
    JVM_ARGS="$JVM_ARGS -Djavax.net.ssl.trustStorePassword=endeca"
  5. If you enabled mutual authentication in jetty.xml, uncomment the Java options for the keystore location (-Djavax.net.ssl.keyStore), type (-Djavax.net.ssl.keyStoreType), and password (-Djavax.net.ssl.keyStorePassword).
  6. If you uncommented the keystore options, replace the tokens listed below for the keystore location path, type and password values as appropriate for your environment.
    Property                          Token to replace
    javax.net.ssl.keyStore            @KEYSTORE_FILE@
    javax.net.ssl.keyStorePassword    @KEYSTORE_PASSWORD@
    javax.net.ssl.keyStoreType        JKS
    For example, on Windows, uncomment and modify options similar to the following:
    SET JVM_ARGS=-Djavax.net.ssl.keyStore="C:\Endeca\CAS\workspace\conf\keystore.ks" %JVM_ARGS%
    SET JVM_ARGS=-Djavax.net.ssl.keyStoreType=JKS %JVM_ARGS%
    SET JVM_ARGS=-Djavax.net.ssl.keyStorePassword=endeca %JVM_ARGS%
    For example, on UNIX, uncomment and modify options similar to the following:
    JVM_ARGS="$JVM_ARGS -Djavax.net.ssl.keyStore=$CAS_WORKSPACE/conf/keystore.ks"
    JVM_ARGS="$JVM_ARGS -Djavax.net.ssl.keyStoreType=JKS"
    JVM_ARGS="$JVM_ARGS -Djavax.net.ssl.keyStorePassword=endeca"
  7. Save and close either cas-cmd.bat (for Windows) or cas-cmd.sh (for UNIX).
  8. Similarly, to enable SSL and mutual authentication in the CIM Command-line Utility (component-manager-cmd) and the Record Store Command-line Utility (recordstore-cmd):
    • Open the batch or shell files.
    • Uncomment the truststore and keystore properties listed above.
    • Modify the property values as appropriate for your environment.
    • Save and close the files.
  9. If you disabled HTTPS redirects, navigate to %ENDECA_TOOLS_CONF%\conf on Windows or $ENDECA_TOOLS_CONF/conf on UNIX. (You do not need to perform this step if using HTTPS redirects.)
    1. Open commandline.properties in a text editor.
    2. Modify the following properties:
    Property name                          Description
    com.endeca.itl.cas.server.host         Specify the fully qualified name of the machine running the command-line utility.
    com.endeca.itl.cas.server.port         Specify the port for Endeca CAS Service.
    com.endeca.itl.cas.server.isPortSsl    Specify how to interpret the CAS port setting.

    A value of true means that com.endeca.itl.cas.server.port is an SSL port and CAS Console uses HTTPS for connections.

    A value of false means that com.endeca.itl.cas.server.port is a non-SSL port and CAS Console uses HTTP for connections. The default is false.

    Specify false if you enabled HTTPS redirects.

  10. Save and close commandline.properties.
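
A quick check of the edits made in steps 3 through 8 on UNIX, as an added example that is not part of the CAS documentation or distribution. The function names (active_lines, has_opt, check_ssl_opts, write_bad_sample) are hypothetical, and the sample launcher content is constructed for illustration.

```shell
#!/bin/sh
# Added example: these helper names are hypothetical, not shipped with CAS.

# Print only the active (uncommented) lines of launcher script $1.
active_lines() { grep -v '^[[:space:]]*#' "$1"; }

# Succeed if -Djavax.net.ssl.$2= is set on an active line of file $1.
has_opt() { active_lines "$1" | grep -q -- "-Djavax\.net\.ssl\.$2="; }

# check_ssl_opts FILE: print one line per finding; return 0 only if clean.
check_ssl_opts() {
    f=$1; rc=0
    # Steps 3-4: all three truststore options must be uncommented.
    for p in trustStore trustStoreType trustStorePassword; do
        if ! has_opt "$f" "$p"; then echo "missing javax.net.ssl.$p"; rc=1; fi
    done
    # Steps 5-6: keystore options apply only with mutual authentication,
    # so accept none or all three, never a partial set.
    n=0
    for p in keyStore keyStoreType keyStorePassword; do
        if has_opt "$f" "$p"; then n=$((n + 1)); fi
    done
    case $n in
        0|3) ;;
        *) echo "partial keystore options: $n of 3"; rc=1 ;;
    esac
    # Tokens such as @TRUSTSTORE_FILE@ must not survive on active lines.
    if active_lines "$f" | grep -q '@[A-Z_][A-Z_]*@'; then
        echo "unreplaced token"; rc=1
    fi
    return $rc
}

# Constructed sample: truststore type still commented out, token not replaced.
write_bad_sample() {
    cat > "$1" <<'EOF'
# Setup the Trust Store
JVM_ARGS="$JVM_ARGS -Djavax.net.ssl.trustStore=@TRUSTSTORE_FILE@"
#JVM_ARGS="$JVM_ARGS -Djavax.net.ssl.trustStoreType=JKS"
JVM_ARGS="$JVM_ARGS -Djavax.net.ssl.trustStorePassword=example-secret"
JVM_ARGS="$JVM_ARGS -Djavax.net.ssl.keyStore=$CAS_WORKSPACE/conf/keystore.ks"
EOF
}

# Usage: sh check.sh /path/to/cas-cmd.sh (repeat for the other two utilities)
if [ -n "$1" ]; then check_ssl_opts "$1"; fi
```

Because the edited scripts hold the truststore and keystore passwords in clear text, run the same check on component-manager-cmd.sh and recordstore-cmd.sh and review who can read all three files.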