Enabling authentication and security

If your implementation requires it, the Endeca JCD can authenticate the identity of all client requests through the use of SSL certificates. You need to generate a set of certificate files to enable SSL.

The Endeca JCD can authenticate requests made by the Control Interpreter and requests made through the browser-based JCD interface.

Keep in mind that by default, the JCD is not configured to use SSL. Therefore, you must perform all these steps to enable SSL. The procedure is documented in the Endeca Security Guide.

In order to use SSL certificates, you must:

Run a utility, enecerts, that generates the following set of certificate files. See the Endeca Security Guide for more information about using the SSL enecerts utility.
- eneCert.pem — certificate file used by all clients and servers to specify their identity when using SSL. This certificate file should be thought of as the identity of the Endeca system, or as the identity of all components of the Endeca system.
- eneCA.pem — certificate authority file used by all clients and servers to authenticate the other endpoint of a communication channel.
- eneCA.key — private key file that is used by the certificate authority (that is, the enecerts utility) to sign the eneCert.pem certificate.
- eneCA.cer — used by Microsoft Internet Explorer
- eneCert.p12 — used by Microsoft Internet Explorer
If you have multiple machines in your deployment, copy the certificate files to the same location on all machines.
Configure the jcd.conf file on all machines:
1. Configure the JCD to use SSL when communicating with other Endeca components.
2. Specify eneCert.pem as the location of the certificate that the JCD should present when communicating with other components.
3. Specify eneCA.pem as the location of the certificate authority file the JCD will use to authenticate communication from other components.
Configure the Control Interpreter’s control script:
1. Configure the Control Interpreter to use SSL when communicating with the JCD.
2. Specify eneCert.pem as the location of the certificate that the Control Interpreter should present when communicating with the JCD.
Import the certificate files into Internet Explorer on each machine from which you want to manually issue Endeca JCD commands.
Note: While this last step is not required to run the Control Interpreter, it is required if you want to connect to the Endeca JCD directly and send it commands via a browser.