Generating custom certificates

You can use the enecerts utility to generate customized certificates.

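You can customize the generated certificates in two ways: by specifying a different certificate key size, or by using your own CA file to generate the certificates.

The next two sections describe these operations.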

Specifying a different certificate key size

The --keysize flag of the enecerts utility lets users specify the size of the generated private key. The flag syntax is:
--keysize bits
where bits is the private key size in bits (default value is 1024).
For example, the following Windows command creates certificates with a private key size of 2048 bits:
enecerts --keysize 2048

Keep in mind that using larger keys will slow system performance. A recommended alternative to the default 1024-bit size is a key size of 512 bits, which will give you a good balance between security and performance considerations.

Using your CA file to generate certificates

By default, the enecerts utility produces the eneCert.pem certificate (used by all clients and servers to specify their identity when using SSL) and the eneCA.pem CA certificate (used by all clients and servers that wish to authenticate the other endpoint of a communication channel).

If you have your own CA certificate and private-key files, you can use the --CAkey and --CAcert flags to generate the eneCert.pem certificate. The private-key file (.key extension) is used to digitally sign the public key that is generated by the enecerts utility. Both flags must be used for this operation.

The syntax for the --CAkey flag is:
--CAkey private-key
where private-key is your own .key file with the private key for the CA that should be used to sign the generated certificate.
The syntax for the --CAcert flag is:
--CAcert cert-pem
where cert-pem is your CA certificate (.pem extension). This file is the same type of file as the default eneCA.pem CA certificate.
For example, the following Windows command creates a signed certificate file using your own CA certificate and private-key files:
enecerts --CAkey myCA.key --CAcert myCA.pem

You would then use the resulting eneCert.pem certificate and your CA file (myCA.pem in the example) to configure SSL for your Endeca components. If you have multiple machines in your deployment, you must also copy these files to the other machines.
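
Before copying the files to other machines, you can confirm that the certificate has the key size you requested with --keysize and that it was signed by the CA you passed with --CAcert. The script below is an added example, not part of the Endeca documentation or tooling. It assumes the openssl command-line tool is installed and that the certificate is in PEM format; the function names are hypothetical, and the sample files are built with openssl as a stand-in for enecerts output.

```shell
#!/bin/sh
# Added example (not Endeca code). Function names are hypothetical.
# Requires the openssl command-line tool.

# Print the public-key size in bits of the first certificate in a PEM file.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Succeed only if the certificate ($2) verifies against the CA certificate ($1).
cert_signed_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Check both properties; usage: audit_cert CA.pem CERT.pem EXPECTED_BITS
audit_cert() {
    found=$(cert_key_bits "$2")
    [ "$found" = "$3" ] ||
        { echo "FAIL: key is ${found:-unknown} bits, expected $3"; return 1; }
    cert_signed_by "$1" "$2" ||
        { echo "FAIL: $2 is not signed by $1"; return 1; }
    echo "OK: ${found}-bit key, signed by $1"
}

# Constructed sample: openssl stands in for enecerts, producing a CA pair
# (myCA.key, myCA.pem) and a certificate named eneCert.pem signed by that CA.
make_sample() {   # usage: make_sample DIR BITS
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Sample CA" \
        -keyout "$1/myCA.key" -out "$1/myCA.pem" 2>/dev/null &&
    openssl req -newkey "rsa:$2" -nodes -subj "/CN=sample-host" \
        -keyout "$1/host.key" -out "$1/host.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/host.csr" -CA "$1/myCA.pem" -CAkey "$1/myCA.key" \
        -CAcreateserial -days 1 -out "$1/eneCert.pem" 2>/dev/null
}

# Demo on the constructed sample.
demo_dir=$(mktemp -d) &&
    make_sample "$demo_dir" 2048 &&
    audit_cert "$demo_dir/myCA.pem" "$demo_dir/eneCert.pem" 2048
rm -rf "$demo_dir"
```

To audit real output, call audit_cert with your CA file, the generated eneCert.pem, and the value you gave to --keysize.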