Configuring Endeca Server Jetty files

You must modify the Jetty configuration files to enable SSL and change the start-up port for Endeca Server.

Before you begin this task, you must have created a keystore and generated secure passwords.

During the procedure, you will be modifying these files:
  • start.ini (in Jetty root directory)
  • jetty-ssl.xml (in Jetty etc directory)
  • jetty.xml (in Jetty etc directory)
  • endeca-server.windows.conf.bat on Windows or endeca-server.linux.conf on Linux (in endeca-server directory)

To modify Endeca Server's Jetty files for SSL:

  1. Back up the three configuration files, in case you need to revert your changes.
  2. In the Jetty root directory, open the start.ini file and uncomment this line:
    Before:
    #etc/jetty-ssl.xml
    After:
    etc/jetty-ssl.xml
    Uncommenting this line enables the jetty-ssl.xml configuration file to be used as part of the Jetty start-up process.
  3. In the Jetty etc directory, open the jetty-ssl.xml file and make these changes to the configure section for the sslContextFactory object:
    sslContextFactory Property    Value
    KeyStore                      The name and path of the keystore file.
    KeyStorePassword              The obfuscated password for the keystore.
    KeyManagerPassword            The obfuscated password for the key manager.
    TrustStore                    The name and path of the truststore file.
    TrustStorePassword            The obfuscated password for the truststore.
    needClientAuth                Set to true if you are using mutually-authenticated SSL.
    You can also set other configuration properties that are documented on this page: http://wiki.eclipse.org/Jetty/Reference/SSL_Connectors
    At this point, the sslContextFactory configuration should look similar to this example:
    <New id="sslContextFactory" class="org.eclipse.jetty.http.ssl.SslContextFactory">
      <Set name="KeyStore"><Property name="jetty.home" default="." />/etc/keystore</Set>
      <Set name="KeyStorePassword">OBF:1sar1uh61svy1sw01ugk1saj</Set>
      <Set name="KeyManagerPassword">OBF:1sar1uh61svy1sw01ugk1saj</Set>
      <Set name="TrustStore"><Property name="jetty.home" default="." />/etc/keystore</Set>
      <Set name="TrustStorePassword">OBF:1sar1uh61svy1sw01ugk1saj</Set>
      <Set name="needClientAuth">true</Set>
    </New>
    In the addConnector configuration section, make sure that you leave 8443 as the port setting.
  4. With the above changes, you would have an SSL connector on port 8443 and a non-SSL connector on the default 8080 port. If you want to have only the SSL connector active, you can disable the non-SSL connector by commenting out the addConnector section in the jetty.xml configuration file.
  5. In the endeca-server directory, open the Endeca Server start-up configuration file (endeca-server.windows.conf.bat on Windows or endeca-server.linux.conf on Linux) and set the ENDECA_SERVER_PORT variable to 8443:
    For Windows:
    set ENDECA_SERVER_PORT=8443
    For Linux:
    ENDECA_SERVER_PORT=8443
  6. Re-start Endeca Server.
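
The following Python script is an added example, not part of the original documentation or of Endeca Server's own tooling. It checks the edits from steps 2 and 3: that start.ini enables etc/jetty-ssl.xml, and that the sslContextFactory section sets every property, uses OBF: values for all three passwords, sets needClientAuth, and keeps the connector on port 8443. The function names, the sample file contents and the clear-text password are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not a real deployment): one password left in clear text,
# needClientAuth false, and jetty-ssl.xml still commented out in start.ini.
SAMPLE_START_INI = "etc/jetty.xml\n#etc/jetty-ssl.xml\n"
SAMPLE_JETTY_SSL = """<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <New id="sslContextFactory" class="org.eclipse.jetty.http.ssl.SslContextFactory">
    <Set name="KeyStore"><Property name="jetty.home" default="." />/etc/keystore</Set>
    <Set name="KeyStorePassword">OBF:1sar1uh61svy1sw01ugk1saj</Set>
    <Set name="KeyManagerPassword">changeit</Set>
    <Set name="TrustStore"><Property name="jetty.home" default="." />/etc/keystore</Set>
    <Set name="TrustStorePassword">OBF:1sar1uh61svy1sw01ugk1saj</Set>
    <Set name="needClientAuth">false</Set>
  </New>
  <Call name="addConnector"><Arg>
    <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
      <Arg><Ref id="sslContextFactory" /></Arg><Set name="Port">8443</Set>
    </New></Arg></Call>
</Configure>"""
PASSWORDS = ("KeyStorePassword", "KeyManagerPassword", "TrustStorePassword")

def ssl_config_enabled(start_ini):
    """True if start.ini contains an uncommented etc/jetty-ssl.xml line (step 2)."""
    return any(line.strip() == "etc/jetty-ssl.xml" for line in start_ini.splitlines())

def audit_jetty_ssl(xml_text, mutual_auth=True, port="8443"):
    """Return a list of findings for the sslContextFactory settings (step 3)."""
    root = ET.fromstring(xml_text)
    factory = root.find(".//New[@id='sslContextFactory']")
    if factory is None:
        return ["sslContextFactory section not found"]
    # itertext() also collects the path text that follows a nested <Property/>.
    props = {s.get("name"): "".join(s.itertext()).strip() for s in factory.findall("Set")}
    findings = []
    for name in ("KeyStore", "TrustStore") + PASSWORDS:
        value = props.get(name)
        if not value:
            findings.append(name + " is not set")
        elif name in PASSWORDS and not value.startswith("OBF:"):
            findings.append(name + " is not obfuscated")
    if mutual_auth and props.get("needClientAuth", "").lower() != "true":
        findings.append("needClientAuth is not true")
    ports = [s.text.strip() for c in root.iter("Call") if c.get("name") == "addConnector"
             for s in c.iter("Set") if s.get("name", "").lower() == "port" and s.text]
    if port not in ports:
        findings.append("no SSL connector on port " + port)
    return findings

if __name__ == "__main__":
    print(ssl_config_enabled(SAMPLE_START_INI), audit_jetty_ssl(SAMPLE_JETTY_SSL))
```

An OBF: value only hides the password from casual viewing and can be reversed, so a clean result confirms the procedure was followed, and file permissions on jetty-ssl.xml and the keystore still need to be restricted. Pass mutual_auth=False when you are not using mutually-authenticated SSL.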

The next step is to configure SSL for the endeca-cmd interface.