[/map {"- map/map "}) [/map/topicref {"- map/topicref "}) [/map/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicmeta/navtitle {"- topic/navtitle "}) About this guide (navtitle][/map/topicref/topicmeta/linktext {"- map/linktext "}) About this guide (linktext][/map/topicref/topicmeta/shortdesc {"- map/shortdesc "}) This guide describes the Oracle Endeca Server security features and the major tasks involved in using them to develop a secure Endeca implementation. (shortdesc] (topicmeta] (topicref] [/map/topicref {"- map/topicref "}) [/map/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicmeta/navtitle {"- topic/navtitle "}) Introduction to Endeca Server Security (navtitle][/map/topicref/topicmeta/linktext {"- map/linktext "}) Introduction to Endeca Server Security (linktext][/map/topicref/topicmeta/shortdesc {"- map/shortdesc "}) This section provides overviews of some security topics for both Endeca Server and WebLogic Server. (shortdesc] (topicmeta][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Overview of Endeca Server security (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Overview of Endeca Server security (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) The Endeca Server uses SSL for communication between its components. This also includes security filters for queries. The Endeca Server application deployed in the WebLogic domain can be administered by the WebLogic domain administrator. 
(shortdesc] (topicmeta] (topicref][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Overview of WebLogic Server security (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Overview of WebLogic Server security (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) Because the Endeca Server application runs in a J2EE container in the WebLogic Server, you should be aware of some of the security features of WebLogic Server. (shortdesc] (topicmeta] (topicref] (topicref][/map/topicref {"- map/topicref "}) [/map/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicmeta/navtitle {"- topic/navtitle "}) Installation and OS Security (navtitle][/map/topicref/topicmeta/linktext {"- map/linktext "}) Installation and OS Security (linktext][/map/topicref/topicmeta/shortdesc {"- map/shortdesc "}) This section provides information on an installation strategy and security resources for your Linux or Windows operating system. (shortdesc] (topicmeta][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Installing WebLogic securely (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Installing WebLogic securely (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) Minimizing your software footprint contributes to a security system because you are reducing the possible areas of attack. 
(shortdesc] (topicmeta] (topicref][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Hardening the Linux OS (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Hardening the Linux OS (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) If you use the Linux operating system, you should read two OTN (Oracle Technology Network) articles on security, as well as an NSA security document. (shortdesc] (topicmeta] (topicref][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Windows security resources (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Windows security resources (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) The Microsoft TechNet site is a starting point for Windows security resources. (shortdesc] (topicmeta] (topicref] (topicref][/map/topicref {"- map/topicref "}) [/map/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicmeta/navtitle {"- topic/navtitle "}) Endeca Server Communications (navtitle][/map/topicref/topicmeta/linktext {"- map/linktext "}) Endeca Server Communications (linktext][/map/topicref/topicmeta/shortdesc {"- map/shortdesc "}) This section discusses communications and authentications between Endeca Server and its client programs. 
(shortdesc] (topicmeta][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Endeca Server authentication of clients (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Endeca Server authentication of clients (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) The Endeca Server application running in the WebLogic domain uses SSL mutual authentication when it communicates with the Dgraph process and the endeca-cmd command utility. (shortdesc] (topicmeta] (topicref][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Endeca Server and the endeca-cmd command interface (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Endeca Server and the endeca-cmd command interface (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) In a secure installation of the Endeca Server, the endeca-cmd utility communicates with the Endeca Server securely. (shortdesc] (topicmeta] (topicref][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Communication between Endeca Server and the Dgraph process (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Communication between Endeca Server and the Dgraph process (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) When SSL is enabled on the Endeca Server, it is also enabled on the Dgraph process. Additionally, it is recommended that all clients of the Endeca Server contact the particular data domain (and any of its Dgraph processes) through the Endeca Server Java application hosted by the WebLogic Server. 
(shortdesc] (topicmeta] (topicref][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) About connecting Web browsers to data domains (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) About connecting Web browsers to data domains (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) You should never allow user Web browsers to connect directly to the machine hosting the Endeca Server and the Endeca data domains. Browsers launched by anyone other than an administrator must always connect to the application through an application server. If you use Studio with the Endeca Server, this requirement is satisfied by user authentication and security features in Studio. (shortdesc] (topicmeta] (topicref][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) IPv4 and IPv6 address support (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) IPv4 and IPv6 address support (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) The Oracle Endeca Server and its Dgraph process support both IPv4 (Internet Protocol Version 4) and IPv6 (Internet Protocol Version 6) addressing schemes for connections. (shortdesc] (topicmeta] (topicref][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Encryption (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Encryption (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) When installed securely over SSL, the Endeca Server supports SSL/TLS ciphers for encryption of its messages between the Endeca Server and the Dgraph. 
(shortdesc] (topicmeta] (topicref][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Cluster Coordinator authentication (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Cluster Coordinator authentication (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) The Dgraph process and Endeca Server both rely on structures in the Cluster Coordinator for proper operation. (shortdesc] (topicmeta] (topicref][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Security considerations for the Endeca Server Cluster (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Security considerations for the Endeca Server Cluster (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) You should be aware of additional security concerns if you have an Endeca Server cluster deployment instead of a single-machine Endeca Server deployment. (shortdesc] (topicmeta] (topicref] (topicref][/map/topicref {"- map/topicref "}) [/map/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicmeta/navtitle {"- topic/navtitle "}) Key Generation Utility (navtitle][/map/topicref/topicmeta/linktext {"- map/linktext "}) Key Generation Utility (linktext][/map/topicref/topicmeta/shortdesc {"- map/shortdesc "}) This section describes the utility used to generate SSL certificates. 
(shortdesc] (topicmeta][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Key generation utility syntax (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Key generation utility syntax (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) The generate_ssl_keys utility creates the SSL certificate keys. (shortdesc] (topicmeta] (topicref][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Creating SSL certificates (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Creating SSL certificates (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) This topic describes how to run the generate_ssl_keys utility. (shortdesc] (topicmeta] (topicref][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Regenerating keys (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Regenerating keys (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) You can regenerate your SSL keys with a new passphrase. (shortdesc] (topicmeta] (topicref][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Configuring SSL certificates in your browser (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Configuring SSL certificates in your browser (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) This topic describes how to import a PKCS12 certificate in your browser. 
(shortdesc] (topicmeta] (topicref] (topicref] [/map/topicref {"- map/topicref "}) [/map/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicmeta/navtitle {"- topic/navtitle "}) Conventions used in this guide (navtitle][/map/topicref/topicmeta/linktext {"- map/linktext "}) Conventions used in this guide (linktext][/map/topicref/topicmeta/shortdesc {"- map/shortdesc "}) The following conventions are used in this document. (shortdesc] (topicmeta] (topicref] [/map/topicref {"- map/topicref "}) [/map/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicmeta/navtitle {"- topic/navtitle "}) Copyright and disclaimer (navtitle][/map/topicref/topicmeta/linktext {"- map/linktext "}) Copyright and disclaimer (linktext] (topicmeta] (topicref] [/map/reltable {"- map/reltable "}) [/map/reltable/relheader {"- map/relheader "}) [/map/reltable/relheader/relcolspec {"- map/relcolspec "}) (relcolspec][/map/reltable/relheader/relcolspec {"- map/relcolspec "}) (relcolspec] (relheader] [/map/reltable/relrow {"- map/relrow "}) [/map/reltable/relrow/relcell {"- map/relcell "}) [/map/reltable/relrow/relcell/topicref {"- map/topicref "}) [/map/reltable/relrow/relcell/topicref/topicmeta {"- map/topicmeta "}) [/map/reltable/relrow/relcell/topicref/topicmeta/navtitle {"- topic/navtitle "}) About this guide (navtitle][/map/reltable/relrow/relcell/topicref/topicmeta/linktext {"- map/linktext "}) About this guide (linktext][/map/reltable/relrow/relcell/topicref/topicmeta/shortdesc {"- map/shortdesc "}) This guide describes the Oracle Endeca Server security features and the major tasks involved in using them to develop a secure Endeca implementation. 
(shortdesc] (topicmeta] (topicref] (relcell][/map/reltable/relrow/relcell {"- map/relcell "}) [/map/reltable/relrow/relcell/topicref {"- map/topicref "}) [/map/reltable/relrow/relcell/topicref/topicmeta {"- map/topicmeta "}) [/map/reltable/relrow/relcell/topicref/topicmeta/navtitle {"- topic/navtitle "}) Introduction to Endeca Server Security (navtitle][/map/reltable/relrow/relcell/topicref/topicmeta/linktext {"- map/linktext "}) Introduction to Endeca Server Security (linktext][/map/reltable/relrow/relcell/topicref/topicmeta/shortdesc {"- map/shortdesc "}) This section provides overviews of some security topics for both Endeca Server and WebLogic Server. (shortdesc] (topicmeta] (topicref] [/map/reltable/relrow/relcell/topicref {"- map/topicref "}) [/map/reltable/relrow/relcell/topicref/topicmeta {"- map/topicmeta "}) [/map/reltable/relrow/relcell/topicref/topicmeta/navtitle {"- topic/navtitle "}) Installation and OS Security (navtitle][/map/reltable/relrow/relcell/topicref/topicmeta/linktext {"- map/linktext "}) Installation and OS Security (linktext][/map/reltable/relrow/relcell/topicref/topicmeta/shortdesc {"- map/shortdesc "}) This section provides information on an installation strategy and security resources for your Linux or Windows operating system. (shortdesc] (topicmeta] (topicref] [/map/reltable/relrow/relcell/topicref {"- map/topicref "}) [/map/reltable/relrow/relcell/topicref/topicmeta {"- map/topicmeta "}) [/map/reltable/relrow/relcell/topicref/topicmeta/navtitle {"- topic/navtitle "}) Endeca Server Communications (navtitle][/map/reltable/relrow/relcell/topicref/topicmeta/linktext {"- map/linktext "}) Endeca Server Communications (linktext][/map/reltable/relrow/relcell/topicref/topicmeta/shortdesc {"- map/shortdesc "}) This section discusses communications and authentications between Endeca Server and its client programs. 
(shortdesc] (topicmeta] (topicref] [/map/reltable/relrow/relcell/topicref {"- map/topicref "}) [/map/reltable/relrow/relcell/topicref/topicmeta {"- map/topicmeta "}) [/map/reltable/relrow/relcell/topicref/topicmeta/navtitle {"- topic/navtitle "}) Key Generation Utility (navtitle][/map/reltable/relrow/relcell/topicref/topicmeta/linktext {"- map/linktext "}) Key Generation Utility (linktext][/map/reltable/relrow/relcell/topicref/topicmeta/shortdesc {"- map/shortdesc "}) This section describes the utility used to generate SSL certificates. (shortdesc] (topicmeta] (topicref] (relcell] (relrow] (reltable] (map]