Enabling SSL for the IAS Command-line Utilities

This procedure establishes a secure connection between all of the IAS Command-line Utilities and the Web services running in the Endeca IAS Service. Recall that the IAS Command-line Utilities include the IAS Server Command-line Utility, the Component Instance Manager Command-line Utility, and the Record Store Command-line Utility.

To enable SSL in the IAS command-line utilities:

  1. Navigate to <install path>\IAS\<version>\bin on Windows or <install path>/IAS/<version>/bin on UNIX.
  2. To enable SSL in the IAS Server Command-line Utility, open either ias-cmd.bat (for Windows) or ias-cmd.sh (for UNIX) in a text editor.
  3. Uncomment the Java options for the truststore location (-Djavax.net.ssl.trustStore), type (-Djavax.net.ssl.trustStoreType), and password (-Djavax.net.ssl.trustStorePassword).
  4. Replace the tokens listed below for the truststore location path, type, and password values as appropriate for your environment.
    Property                          Token to replace
    javax.net.ssl.trustStore          @TRUSTSTORE_FILE@
    javax.net.ssl.trustStorePassword  @TRUSTSTORE_PASSWORD@
    javax.net.ssl.trustStoreType      JKS

    For example, on Windows, uncomment and modify options similar to the following:

    REM Setup the Trust Store
    SET JVM_ARGS=-Djavax.net.ssl.trustStore="C:\Oracle\Endeca\IAS\workspace\conf\truststore.ks" %JVM_ARGS%
    SET JVM_ARGS=-Djavax.net.ssl.trustStoreType=JKS %JVM_ARGS%
    SET JVM_ARGS=-Djavax.net.ssl.trustStorePassword=endeca %JVM_ARGS%

    For example, on UNIX, uncomment and modify options similar to the following:

    # Setup the Trust Store
    JVM_ARGS="$JVM_ARGS -Djavax.net.ssl.trustStore=$IAS_WORKSPACE/conf/truststore.ks"
    JVM_ARGS="$JVM_ARGS -Djavax.net.ssl.trustStoreType=JKS"
    JVM_ARGS="$JVM_ARGS -Djavax.net.ssl.trustStorePassword=endeca"
  5. If you enabled mutual authentication in jetty.xml, uncomment the Java options for the keystore location (-Djavax.net.ssl.keyStore), type (-Djavax.net.ssl.keyStoreType), and password (-Djavax.net.ssl.keyStorePassword).
  6. If you uncommented the keystore options, replace the tokens listed below for the keystore location path, type and password values as appropriate for your environment.
    Property                        Token to replace
    javax.net.ssl.keyStore          @KEYSTORE_FILE@
    javax.net.ssl.keyStorePassword  @KEYSTORE_PASSWORD@
    javax.net.ssl.keyStoreType      JKS

    For example, on Windows you uncomment and modify options similar to the following:

    SET JVM_ARGS=-Djavax.net.ssl.keyStore="C:\Oracle\Endeca\IAS\workspace\conf\keystore.ks" %JVM_ARGS%
    SET JVM_ARGS=-Djavax.net.ssl.keyStoreType=JKS %JVM_ARGS%
    SET JVM_ARGS=-Djavax.net.ssl.keyStorePassword=endeca %JVM_ARGS%

    For example, on UNIX you uncomment and modify options similar to the following:

    JVM_ARGS="$JVM_ARGS -Djavax.net.ssl.keyStore=$IAS_WORKSPACE/conf/keystore.ks"
    JVM_ARGS="$JVM_ARGS -Djavax.net.ssl.keyStoreType=JKS"
    JVM_ARGS="$JVM_ARGS -Djavax.net.ssl.keyStorePassword=endeca"
  7. Save and close either ias-cmd.bat (for Windows) or ias-cmd.sh (for UNIX).
  8. Similarly, to enable SSL and mutual authentication in the CIM Command-line Utility (component-manager-cmd) and the Record Store Command-line Utility (recordstore-cmd):
    1. Open the batch or shell files.
    2. Uncomment the truststore and keystore properties listed above.
    3. Modify the property values as appropriate for your environment.
    4. Save and close the files.
  9. If you disabled HTTPS redirects, navigate to %ENDECA_TOOLS_CONF%\conf on Windows or $ENDECA_TOOLS_CONF/conf on UNIX. (You do not need to perform this step if using HTTPS redirects.)
    1. Open commandline.properties in a text editor.
    2. Modify the following properties:
      Property name                         Description
      com.endeca.eidi.ias.server.host       Specify the fully qualified name of the machine running the command-line utility.
      com.endeca.eidi.ias.server.port       Specify the port for Endeca IAS Service.
      com.endeca.eidi.ias.server.isPortSsl  Specify how to interpret the IAS port setting.

      A value of true means that com.endeca.eidi.ias.server.port is an SSL port and IAS uses HTTPS for connections.

      A value of false means that com.endeca.eidi.ias.server.port is a non-SSL port and IAS uses HTTP for connections. The default is false.

      Specify false if you enabled HTTPS redirects.

    3. Save and close commandline.properties.
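
As an added example (not part of the Oracle documentation or the IAS distribution), the following POSIX shell function audits an edited UNIX script such as ias-cmd.sh against steps 3 through 6: truststore options uncommented, keystore options enabled as a complete set, and no @...@ token left in place. The function name, the finding labels, and the extra checks for the sample password value endeca and for world-readable file permissions are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Oracle's code): audit an edited ias-cmd.sh-style script.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_ias_ssl_script() {
    f=$1
    findings=0
    report() { printf '%s\n' "$1"; findings=$((findings + 1)); }
    # Commented-out lines do not count as enabled options.
    active=$(grep -v '^[[:space:]]*#' "$f" || true)
    has() { printf '%s\n' "$active" | grep -q -e "-Djavax\.net\.ssl\.$1="; }

    # Step 3: all three truststore options must be uncommented.
    for opt in trustStore trustStoreType trustStorePassword; do
        has "$opt" || report "MISSING: -Djavax.net.ssl.$opt is not set"
    done

    # Step 5: keystore options are optional but must be enabled as a set.
    n=0
    for opt in keyStore keyStoreType keyStorePassword; do
        if has "$opt"; then n=$((n + 1)); fi
    done
    if [ "$n" -ne 0 ] && [ "$n" -ne 3 ]; then
        report "PARTIAL: only $n of 3 keystore options are set"
    fi

    # Steps 4 and 6: no @TOKEN@ placeholder may remain on an active line.
    if printf '%s\n' "$active" | grep -q '@[A-Z_][A-Z_]*@'; then
        report "TOKEN: unreplaced @...@ placeholder"
    fi

    # The sample password printed in this procedure should not survive editing.
    if printf '%s\n' "$active" | grep -Eq 'StorePassword=endeca("|[[:space:]]|$)'; then
        report "SAMPLE: store password is still the documented example value"
    fi

    # The script holds the passwords in clear text: flag world-readable files.
    if [ -n "$(find "$f" -perm -004 2>/dev/null)" ]; then
        report "PERMS: file is readable by all users"
    fi

    [ "$findings" -eq 0 ]
}

# Usage: sh check.sh /path/to/ias-cmd.sh
[ $# -eq 0 ] || check_ias_ssl_script "$1"
```

The same function can be pointed at the component-manager-cmd and recordstore-cmd shell files from step 8. It does not parse the Windows .bat files, whose comments start with REM.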