Key generation utility syntax

The generate_ssl_keys utility creates the SSL certificate keys.

There are specific versions of the generate_ssl_keys utility for each operating system:
  • Linux: generate_ssl_keys.sh
  • Windows: generate_ssl_keys.bat
The utility is located in the $DOMAIN_HOME/EndecaServer/bin directory. For example, if endeca_server_domain is the name of your WebLogic domain for Endeca Server, then the default path on Windows is:
C:\Oracle\Middleware\user_projects\domains\endeca_server_domain\EndecaServer\bin
Important: If you are deploying an Endeca Server cluster, make sure to generate SSL certificates after you have installed the Endeca Server on the Admin Server and before you have cloned the Admin Server to create Managed Servers.
The syntax for the utility is:
generate_ssl_keys --username <wls-domain-admin-username> --password <wls-domain-password>
     --sslPassphrase <phrase> [--url <wls-admin-url>] [--syncOnly]
The meanings of the flags are:
Flag Meaning
--username Mandatory. Specifies an admin username for this domain. You can use the same username that you specified when you created the WebLogic domain for the Endeca Server application.
--password Mandatory. Specifies the password for the username. You can use the same password that you specified when you created the username for the WebLogic domain for the Endeca Server application.
--sslPassphrase Mandatory. Specifies the passphrase for the new SSL keys.
--url Optional. Specifies the URL of the WebLogic Server if it is running on a host:port other than the default. It defaults to t3://localhost:<server_port> (where server_port is the port you specified in the installer). The script runs against localhost and server_port. If either or both have changed, use this flag to specify the correct host:port. Note that the argument must be a full URL and it must use the t3 protocol.
--syncOnly Optional. This flag re-synchronizes your existing SSL keys across your Endeca Server cluster deployed in the WebLogic domain (that is, across a set of Managed Servers). This flag does not take an argument. Running the generate_ssl_keys utility with --syncOnly processes the keys for each of the existing Managed Servers and the Admin Server to make sure they all are set with the same SSL configuration.

This flag is useful, for example, if you deploy a brand-new Managed Server in the Endeca Server cluster and do not set up the SSL configuration in it properly.

Note that you cannot change the passphrase with this flag; this means that you must specify an existing passphrase with the --sslPassphrase flag when you use the --syncOnly flag.

Expiration date

The server and client certificates are valid for 1460 days (4 years) from the time that they are generated. When they expire, you must generate new keys.

Usage example

A usage example is:
generate_ssl_keys --username ESUser --password welcome1 --sslPassphrase thx1138
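
The following wrapper is an added example, not part of the original documentation or of Oracle's scripts. It checks the documented constraints (three mandatory values, a full t3 URL for --url, no argument for --syncOnly) before calling the Linux utility, and takes the credentials from the environment so they are not typed into shell history. The environment variable names and the GENERATE_SSL_KEYS override are assumptions of this example, as is the restriction to URLs of the form t3://host:port.

```sh
#!/bin/sh
# Added example, not Oracle code: pre-flight wrapper for generate_ssl_keys.sh.
# Assumptions (conventions of this wrapper only): the WLS_USER, WLS_PASS and
# SSL_PASSPHRASE environment variables, the GENERATE_SSL_KEYS path override,
# and accepting only URLs of the form t3://host:port.

# Succeeds only for t3://host:port with a port in 1-65535.
valid_t3_url() {
  case "$1" in t3://?*:?*) ;; *) return 1 ;; esac
  hostport=${1#t3://}
  host=${hostport%:*}
  port=${hostport##*:}
  case "$host" in *[!A-Za-z0-9._-]*) return 1 ;; esac   # no path, no extra ':'
  case "$port" in *[!0-9]*|??????*) return 1 ;; esac    # digits only, max 5
  [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# Validates the options, then runs the utility with the documented flags.
# Usage: run_keygen [--url <t3-url>] [--syncOnly]
run_keygen() {
  url="" sync=""
  while [ $# -gt 0 ]; do
    case "$1" in
      --url)
        [ $# -ge 2 ] || { echo "--url needs an argument" >&2; return 2; }
        url=$2; shift 2 ;;
      --syncOnly) sync=1; shift ;;   # documented as taking no argument
      *) echo "unknown option: $1" >&2; return 2 ;;
    esac
  done
  # All three values are mandatory, also with --syncOnly (existing passphrase).
  if [ -z "${WLS_USER:-}" ] || [ -z "${WLS_PASS:-}" ] ||
     [ -z "${SSL_PASSPHRASE:-}" ]; then
    echo "set WLS_USER, WLS_PASS and SSL_PASSPHRASE first" >&2; return 3
  fi
  if [ -n "$url" ] && ! valid_t3_url "$url"; then
    echo "--url must be a full t3://host:port URL" >&2; return 4
  fi
  set -- --username "$WLS_USER" --password "$WLS_PASS" \
         --sslPassphrase "$SSL_PASSPHRASE"
  [ -n "$url" ] && set -- "$@" --url "$url"
  [ -n "$sync" ] && set -- "$@" --syncOnly
  "${GENERATE_SSL_KEYS:-$DOMAIN_HOME/EndecaServer/bin/generate_ssl_keys.sh}" "$@"
}
```

The values still appear in the utility's own argument list while it runs, because the flags above are the only documented way to pass them.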