Global options for SSL

These global options are used to support SSL-enabled communications with an Oracle Endeca Server running over SSL.

You are required to use these options if you have enabled the Oracle Endeca Server to run only over SSL. Before using these options, you must run the generate_ssl_keys utility to generate the required keystore and truststore certificates:

endecaServerClientCert.ks keystore
endecaServerTrustStore.ks truststore

These files are placed in the $DOMAIN_HOME/config/ssl directory. For details on this utility, see the Oracle Endeca Server Installation Guide.

Note: This topic assumes that you are using the non-SSL version of the endeca-cmd utility. The SSL version references a configuration file that provides the certificate locations, so you do not have to use these options. For details on the SSL version of the endeca-cmd utility, see SSL version of endeca-cmd.

The following global options in endeca-cmd are provided to enable SSL support:

Option	Description
`--keystore`	Specifies the location of a keystore file needed for authentication to the Oracle Endeca Server. For example, the endecaServerClientCert.ks keystore can be used. If you use this option, it implies that SSL should be used for communication between `endeca-cmd` and the Oracle Endeca Server. This means that you don't need to use the `--ssl` option. Note: If you specify a keystore, this causes `endeca-cmd` to prompt for a password. Therefore, if you use the `--keystore` option, you cannot run `endeca-cmd` as part of a script.
`--truststore`	Specifies the location of a truststore file needed for verifying the authenticated connection to the Oracle Endeca Server. For example, the endecaServerTrustStore.ks truststore can be used. If you use this option, it implies that SSL should be used for communication between `endeca-cmd` and the Oracle Endeca Server. This means that you don't need to use the `--ssl` option. Note: If you specify a truststore, this causes `endeca-cmd` to prompt for a password. Therefore, if you use the `--truststore` option, you cannot run `endeca-cmd` as part of a script.
`--ssl`	Specifies whether to use an authenticated SSL connection to the Oracle Endeca Server. If you use either the `--keystore` or `--truststore` option, then you don't need to use the `--ssl` option, as the authenticated SSL connection is implied by specifying the keystore or the truststore file. If you use `--ssl` without either a `--keystore` or `--truststore` option, you can use an empty keystore and the `cacerts` file as your truststore. Alternatively, you can use the standard approaches for creating keystore and truststore files in the WebLogic Server.
`--password`	Specifies a password for accessing the keystore and its key, and the truststore. The keystore and truststore are both assumed to use this password. The password used for the key in the keystore will be this password with "clientkey" appended (and in the case of failure, this password will also be tried for the key). This option is intended for use in scripts.
`--keystore-password`	Specifies a password for accessing the keystore (overrides the `--password` option). This option is intended for use in scripts.
`--truststore-password`	Specifies a password for accessing the truststore (overrides the `--password` option). This option is intended for use in scripts.
`--key-password`	Specifies a password for accessing the key within the keystore (overrides the `--password` option) This option is intended for use in scripts.