Modifying the server.xml

You must modify the server.xml file for the Tomcat that is hosting the EAC.

Before you can use SSL with the EAC, you must edit its server.xml file as described below. Before beginning, make sure that you have generated keystore and truststore certificates for the EAC.

To enable the HTTPS connector in Tomcat:

  1. Stop the Endeca HTTP Service.
  2. Navigate to %ENDECA_CONF%\conf (on Windows) or $ENDECA_CONF/conf (on UNIX).
  3. Open the server.xml file.
  4. Remove the comments around the Connector element for port 8443, so that the result looks like this:
    <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
    <Connector port="8443" maxHttpHeaderSize="8192" SSLEnabled="true"
       maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
       enableLookups="false" disableUploadTimeout="true"
       acceptCount="100" scheme="https" secure="true"
       clientAuth="true" sslProtocol="TLS"
       keystoreFile="conf/eac.ks" keystorePass="eacpass"
       truststoreFile="conf/ca.ks" truststorePass="eacpass"
       URIEncoding="UTF-8"/>
  5. For the keystorePass and truststorePass attributes, make sure that the passphrases match those in the certificates.
  6. Optionally, change the port number to something other than 8443 if you do not want to use that default.
  7. Change the redirectPort attribute on the regular HTTP connector to point to this same port. Alternatively, you can comment out the non-SSL connector in the server.xml file.
    Note: If you are using eaccmd, do not comment out the non-SSL connector in the EAC Central Server’s server.xml file.
  8. Save and close the server.xml file.
  9. Restart the Endeca HTTP Service.

The Connector tag specifies an explicit location for the Java keystore and a passphrase, which allows Tomcat to use the Application Controller keystore in the Tomcat conf directory. If you remove these attributes, Tomcat uses the default keystore in the user’s home directory and assumes a passphrase of "changeit".
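Before restarting the service, the edited file can be checked against the steps above. The script below is an added example, not part of the Endeca documentation. The function name `check_server_xml`, the HTTP port 8888 and the changed SSL port 8446 in the sample are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the SSL connector was moved to port 8446 (step 6), but the
# HTTP connector's redirectPort was left at 8443 (step 7 forgotten).
# Port 8888 for the HTTP connector is an assumption.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8888" redirectPort="8443" URIEncoding="UTF-8"/>
  <Connector port="8446" SSLEnabled="true" scheme="https" secure="true"
     clientAuth="true" sslProtocol="TLS"
     keystoreFile="conf/eac.ks" keystorePass="eacpass"
     truststoreFile="conf/ca.ks" truststorePass="eacpass"/>
</Service></Server>"""

def check_server_xml(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    # The parser drops XML comments, so a connector that is still commented out is not seen.
    connectors = list(ET.fromstring(xml_text).iter("Connector"))
    ssl = [c for c in connectors if c.get("SSLEnabled", "").lower() == "true"]
    if not ssl:
        return ["no active SSL connector (is it still commented out?)"]
    findings = []
    for c in ssl:
        port = c.get("port")
        for attr, want in (("scheme", "https"), ("secure", "true"), ("clientAuth", "true")):
            if c.get(attr) != want:
                findings.append(f"port {port}: {attr} is {c.get(attr)!r}, expected {want!r}")
        # Without these attributes Tomcat falls back to the default keystore in
        # the user's home directory and the passphrase "changeit".
        for attr in ("keystoreFile", "keystorePass", "truststoreFile", "truststorePass"):
            if not c.get(attr):
                findings.append(f"port {port}: {attr} is not set")
    ssl_ports = {c.get("port") for c in ssl}
    for c in connectors:
        if c in ssl or c.get("protocol", "").startswith("AJP"):
            continue  # only the regular HTTP connector is covered by step 7
        if c.get("redirectPort") not in ssl_ports:
            findings.append(f"port {c.get('port')}: redirectPort {c.get('redirectPort')!r} does not point to the SSL connector")
    return findings

if __name__ == "__main__":
    for finding in check_server_xml(SAMPLE) or ["all checks passed"]:
        print(finding)
```

To check a real installation, pass the contents of the server.xml file from the conf directory to `check_server_xml` instead of `SAMPLE`.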