Creating SSL certificates

This topic describes how to generate certificates if your Endeca Server deployment is installed in secure (SSL) mode.

Before you begin this task, Endeca Server must already be installed in SSL mode.

There are specific versions of the generate_ssl_keys utility for each operating system:
  • Linux: generate_ssl_keys.sh
  • Windows: generate_ssl_keys.bat

The utility is located in the $DOMAIN_HOME/EndecaServer/bin directory. For more information on the generate_ssl_keys utility, see the Oracle Endeca Server Security Guide.

Important: If you are deploying an Endeca Server cluster, generate the SSL certificates after you install Endeca Server on the Admin Server and before you clone the Admin Server to create Managed Servers.

To generate SSL certificates:

  1. Start the Admin Server for the Endeca Server domain.
  2. From a command prompt, change to the $DOMAIN_HOME/EndecaServer/bin directory.
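  3. Run the generate_ssl_keys utility with a valid WebLogic administrator name (the --username flag), administrator password (the --password flag), and a strong passphrase for the keys (the --sslPassphrase flag). The values in the following example are samples only; values typed on a command line can be recorded in shell history and shown in process listings. For example: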
    generate_ssl_keys --username ES_Admin --password welcome1 --sslPassphrase thx1138
    The procedure has succeeded when the output ends with a message like the following:
    The following non-dynamic attribute(s) have been changed on MBeans
    that require server re-start:
    MBean Changed : com.bea:Name=AdminServer,Type=SSL,Server=AdminServer
    Attributes changed : HostnameVerificationIgnored, JSSEEnabled
    
    Activation completed
    
    Done! Your WLS server(s) may need to be restarted for
    all changes to take effect.
  4. Stop and then re-start the WebLogic Server.

The generate_ssl_keys utility:
  • Creates the SSL certificates in the $DOMAIN_HOME/config/ssl directory.
  • Updates the EndecaServer.properties and EndecaCmd.properties files (in the $DOMAIN_HOME/config directory) with the pathnames of the key files.
  • Enables the SSL Listen Port of 7002 in WebLogic Server, and sets 7002 as the port on which Endeca Server is started.
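
The following shell function is an added example, not part of the Oracle documentation or the generate_ssl_keys utility. It audits the file-level results listed above after the utility has run. It assumes the key-file pathnames are written into the properties files as key=value lines whose value contains /config/ssl/. The file-permission check is an extra hardening check that this topic does not itself describe.

```shell
#!/bin/sh
# Added example (not Oracle's code): audit the results generate_ssl_keys
# is documented to produce under a given DOMAIN_HOME.
# Assumption: key-file pathnames appear in the properties files as
# key=value lines whose value contains "/config/ssl/".

# Print the pathnames a properties file points at inside config/ssl.
ssl_paths_in() {
    sed -n 's|^[^#=]*=[[:space:]]*\(.*/config/ssl/.*\)$|\1|p' "$1"
}

# audit_ssl_setup DOMAIN_HOME: prints findings, returns the problem count.
audit_ssl_setup() {
    dh=$1; ssl=$dh/config/ssl; problems=0
    if [ -z "$(ls -A "$ssl" 2>/dev/null)" ]; then
        echo "FAIL: no certificate files in $ssl"; problems=$((problems + 1))
    fi
    for f in EndecaServer.properties EndecaCmd.properties; do
        p=$dh/config/$f
        refs=$(ssl_paths_in "$p" 2>/dev/null || true)
        if [ -z "$refs" ]; then
            echo "FAIL: $f is missing or names no key file under config/ssl"
            problems=$((problems + 1)); continue
        fi
        # Every pathname written into the file must resolve to a real file.
        while IFS= read -r r; do
            [ -f "$r" ] || { echo "FAIL: $f points at missing $r"
                             problems=$((problems + 1)); }
        done <<EOF
$refs
EOF
    done
    # Hardening check added here, not stated on the page: key material
    # should not be readable or writable by "other".
    open=$(find "$ssl" -type f \( -perm -004 -o -perm -002 \) 2>/dev/null || true)
    if [ -n "$open" ]; then
        echo "$open" | sed 's/^/FAIL: accessible to all users: /'
        problems=$((problems + $(echo "$open" | wc -l)))
    fi
    return "$problems"
}

# Run stand-alone as: sh audit_ssl.sh "$DOMAIN_HOME"
if [ "$#" -gt 0 ]; then audit_ssl_setup "$1"; fi
```

A return value of 0 means every check passed; any other value is the number of findings printed.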

The next task is to import the PKCS12 certificate into your browser.

Keep in mind that when issuing Endeca Server commands, you should use the SSL version of the endeca-cmd script, which resides by default in the $DOMAIN_HOME/EndecaServer/bin directory.