Enabling the Endeca Web Crawler to write to an SSL enabled Record Store instance

This procedure establishes a secure connection between the Endeca Web Crawler and the Record Store Web service running in the Endeca IAS Service.

This task requires that you have already configured the Endeca Web Crawler to write to a Record Store instance. If you have not done so, see "Configuring Web crawls to write output to a Record Store instance" in the IAS Web Crawler Guide.

To enable SSL in the Endeca Web Crawler:

  1. Navigate to <install path>\IAS\<version>\bin on Windows or <install path>/IAS/<version>/bin on UNIX.
  2. Open either web-crawler.bat (for Windows) or web-crawler.sh (for UNIX) in a text editor.
  3. Uncomment the Java options for the truststore location (-Djavax.net.ssl.trustStore), type (-Djavax.net.ssl.trustStoreType), and password (-Djavax.net.ssl.trustStorePassword).
  4. Replace the tokens listed below for the truststore location path, type, and password values as appropriate for your environment.
    Property Token to replace
    javax.net.ssl.trustStore @TRUSTSTORE_FILE@
    javax.net.ssl.trustStorePassword @TRUSTSTORE_PASSWORD@
    javax.net.ssl.trustStoreType JKS

    For example, on Windows, uncomment and modify options similar to the following: 

    SET JVM_ARGS=-Djavax.net.ssl.trustStore="C:\Oracle\Endeca\IAS\workspace\conf\truststore.ks" %JVM_ARGS%
SET JVM_ARGS=-Djavax.net.ssl.trustStoreType=JKS %JVM_ARGS%
SET JVM_ARGS=-Djavax.net.ssl.trustStorePassword=endeca %JVM_ARGS%

    For example, on UNIX, uncomment and modify options similar to the following: 

    JVM_ARGS="$JVM_ARGS -Djavax.net.ssl.trustStore=$IAS_WORKSPACE/conf/truststore.ks"
JVM_ARGS="$JVM_ARGS -Djavax.net.ssl.trustStoreType=JKS"
JVM_ARGS="$JVM_ARGS -Djavax.net.ssl.trustStorePassword=endeca"
  5. If you enabled mutual authentication in jetty.xml, uncomment Java options for the keystore location (-Djavax.net.ssl.keyStore), type (-Djavax.net.ssl.keyStoreType), and password (-Djavax.net.ssl.keyStorePassword ).
  6. If you uncommented the keystore options, replace the tokens listed below for the keystore location path, type and password values as appropriate for your environment.
    Property Token to replace
    javax.net.ssl.keyStore @KEYSTORE_FILE@
    javax.net.ssl.keyStorePassword @KEYSTORE_PASSWORD@
    javax.net.ssl.keyStoreType JKS
    For example, on Windows you uncomment and modify options similar to the following: 
    SET JVM_ARGS=-Djavax.net.ssl.keyStore="C:\Oracle\Endeca\IAS\workspace\conf\keystore.ks" %JVM_ARGS%
SET JVM_ARGS=-Djavax.net.ssl.keyStoreType=JKS %JVM_ARGS%
SET JVM_ARGS=-Djavax.net.ssl.keyStorePassword=endeca %JVM_ARGS%
    For example, on UNIX you uncomment and modify options similar to the following: 
    JVM_ARGS="$JVM_ARGS -Djavax.net.ssl.keyStore=$IAS_WORKSPACE/conf/keystore.ks"
JVM_ARGS="$JVM_ARGS -Djavax.net.ssl.keyStoreType=JKS"
JVM_ARGS="$JVM_ARGS -Djavax.net.ssl.keyStorePassword=endeca"
  7. Save and close either web-crawler.bat (for Windows) or web-crawler.sh (for UNIX).
  8. If you disabled HTTPS redirects, open either default.xml (for global configuration of the Endeca Web Crawler) or site.xml (for per-crawl property overrides) in a text editor. (You do not need to change this file or the isPortSsl property if you are using HTTPS redirects.)
  9. Add the isPortSsl configuration property to specify how to interpret the IAS port setting. Setting the property to true instructs the Web Crawler to use the IAS port as an HTTPS port. Setting the property to false means the IAS port is treated as an HTTP port. If you enabled redirects for the Endeca IAS Service, you typically set the property to false and let the redirect forward the request to the SSL port.

    For example: 

    <property>
	<name>output.recordStore.isPortSsl</name>
	<value>false</value>
	<description>
	Whether or not to use the IAS port as an HTTPS port to 
 communicate with the record store service.
	Default: false
	</description>
</property>