Note
In several lines of the following sample code, line breaks (denoted by the symbol ~) are inserted to make the lines fit the width of the page. Do not insert line breaks into lines of actual working code.
Set the property useSsl in the file %DISCOVER_DATA_CAS_APP%\config\cas\last-mile-crawl.xml to true. The default is false. For example:

    <moduleProperty>
      <key>useSsl</key>
      <value>true</value>
    </moduleProperty>

Set the sslEnabled property in the <custom-component id="CAS" ... > element in the %ENDECA_APP%\config\script\DataIngest.xml file to true, as follows:

    <custom-component id="CAS" host-id="ITLHost"
        class="com.endeca.eac.toolkit.component.cas.ContentAcquisitionServerComponent">
      <properties>
        .........
        <property name="casPort" value="8505" />
        <property name="sslEnabled" value="true" />
        .........
      </properties>
      .........
    </custom-component>

Update the hostname in initialize_services.bat to specify a fully qualified name (for example, slcw5dd.us.example.com) and port.

Update the hostname in the load_baseline_test_data.bat file, under %DISCOVER_DATA_CAS_APP%\control\.

Add the following settings to index_config_cmd.bat:

    SET JAVA_ARGS=%JAVA_ARGS% -Djavax.net.ssl.trustStore=C:/Endeca/ToolsAndFrameworks/11.1.0/deployment_template/ssl_certs_utility~
    /bin/ssl/TS-slcw5dd.us.example.com.ks -Djavax.net.ssl.trustStoreType=JKS -Djavax.net.ssl.trustStorePassword=eacpass
    SET JAVA_ARGS=%JAVA_ARGS% -Djavax.net.ssl.keyStore=C:/Endeca/ToolsAndFrameworks/11.1.0/deployment_template/ssl_certs_utility~
    /bin/ssl/slcw5dd.us.example.com.ks -Djavax.net.ssl.keyStoreType=JKS -Djavax.net.ssl.keyStorePassword=eacpass

Note
The two following steps alone are sufficient to enable SSL communication for the CAS Server.
Specify passphrases, and keystore and truststore file configuration, in the jetty.xml file, as in the sample below.

    <Call class="java.lang.System" name="setProperty">
      <Arg>com.endeca.cas.port</Arg>
      <Arg><SystemProperty name="com.endeca.cas.port" default="8500"/></Arg>
    </Call>
    <Call class="java.lang.System" name="setProperty">
      <Arg>com.endeca.cas.ssl.port</Arg>
      <Arg><SystemProperty name="com.endeca.cas.ssl.port" default="8505"/></Arg>
    </Call>
    <Call class="java.lang.System" name="setProperty">
      <Arg>com.endeca.cas.fullyQualifiedHostName</Arg>
      <Arg>NIRAD-LAP1</Arg>
    </Call>
    <Call class="java.lang.System" name="setProperty">
      <Arg>javax.net.ssl.trustStore</Arg>
      <Arg><SystemProperty name="jetty.home" default="." />/../workspace/conf/TS-NIRAD-LAP1.ks</Arg>
    </Call>
    <Call class="java.lang.System" name="setProperty">
      <Arg>javax.net.ssl.trustStorePassword</Arg>
      <Arg>eacpass</Arg>
    </Call>
    <Call class="java.lang.System" name="setProperty">
      <Arg>javax.net.ssl.trustStoreType</Arg>
      <Arg>JKS</Arg>
    </Call>
    <Call class="java.lang.System" name="setProperty">
      <Arg>javax.net.ssl.keyStore</Arg>
      <Arg><SystemProperty name="jetty.home" default="." />/../workspace/conf/KKORIVI-LAP1.ks</Arg>
    </Call>
    <Call class="java.lang.System" name="setProperty">
      <Arg>javax.net.ssl.keyStorePassword</Arg>
      <Arg>eacpass</Arg>
    </Call>
    <Call class="java.lang.System" name="setProperty">
      <Arg>javax.net.ssl.keyStoreType</Arg>
      <Arg>JKS</Arg>
    </Call>

Place copies of your truststore and keystore inside CAS_ROOT.
Note
jetty.xml reads paths relative to CAS_ROOT and cannot read absolute paths.
Uncomment the following section in jetty.xml to add a TLSSocketConnector connector.

    <Call name="addConnector">
      <Arg>
        <New class="com.endeca.itl.jetty.TLSSocketConnector">
          <Set name="Port"><SystemProperty name="com.endeca.cas.ssl.port"/></Set>
          <Set name="maxIdleTime">600000</Set>
          <Set name="keystore"><SystemProperty name="javax.net.ssl.keyStore"/></Set>
          <Set name="keyPassword"><SystemProperty name="javax.net.ssl.keyStorePassword"/></Set>
          <Set name="truststore"><SystemProperty name="javax.net.ssl.trustStore"/></Set>
          <Set name="trustPassword"><SystemProperty name="javax.net.ssl.trustStorePassword"/></Set>
          <Set name="needClientAuth">true</Set>
          <Set name="IncludeProtocols">
            <Array type="java.lang.String">
              <Item>TLSv1.1</Item>
              <Item>TLSv1.2</Item>
            </Array>
          </Set>
        </New>
      </Arg>
    </Call>

Set the following properties in last-mile-crawl.xml, providing appropriate values for host_name and cas_ssl_port:

    <moduleProperty>
      <key>host</key>
      <value>host_name</value>
    </moduleProperty>
    <moduleProperty>
      <key>port</key>
      <value>cas_ssl_port</value>
    </moduleProperty>
    <moduleProperty>
      <key>isPortSsl</key>
      <value>true</value>
    </moduleProperty>
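
The settings above are spread over three files and must agree with one another. The following added example (not part of the original documentation or of the product) checks them together; the audit function and the trimmed sample fragments are constructed here, and it assumes, as in the samples above, that casPort and the crawl port should equal com.endeca.cas.ssl.port.

```python
import re
import xml.etree.ElementTree as ET

# Constructed fragments, trimmed to the elements this page configures.
JETTY = """<Configure>
<Call class="java.lang.System" name="setProperty"><Arg>com.endeca.cas.ssl.port</Arg>
  <Arg><SystemProperty name="com.endeca.cas.ssl.port" default="8505"/></Arg></Call>
<Call class="java.lang.System" name="setProperty"><Arg>javax.net.ssl.keyStore</Arg>
  <Arg><SystemProperty name="jetty.home" default="."/>/../workspace/conf/host.ks</Arg></Call>
<Call name="addConnector"><Arg><New class="com.endeca.itl.jetty.TLSSocketConnector">
  <Set name="needClientAuth">true</Set></New></Arg></Call>
</Configure>"""
CRAWL = """<module><moduleProperty><key>useSsl</key><value>true</value></moduleProperty>
<moduleProperty><key>port</key><value>8505</value></moduleProperty>
<moduleProperty><key>isPortSsl</key><value>true</value></moduleProperty></module>"""
INGEST = """<custom-component id="CAS"><properties><property name="casPort" value="8505"/>
<property name="sslEnabled" value="true"/></properties></custom-component>"""

def audit(jetty_xml, crawl_xml, ingest_xml):
    """Return findings; an empty list means the three files agree on SSL."""
    findings, props, prefixed = [], {}, set()
    jetty = ET.fromstring(jetty_xml)
    for call in jetty.iter("Call"):  # collect System.setProperty(key, value) calls
        args = call.findall("Arg")
        if call.get("name") != "setProperty" or len(args) != 2:
            continue
        key, sp = args[0].text.strip(), args[1].find("SystemProperty")
        literal = "".join(args[1].itertext()).strip()
        props[key] = literal or (sp.get("default", "") if sp is not None else "")
        if sp is not None:
            prefixed.add(key)  # value is built on another property, e.g. jetty.home
    ssl_port = props.get("com.endeca.cas.ssl.port")
    for key in ("javax.net.ssl.keyStore", "javax.net.ssl.trustStore"):
        path = props.get(key, "")
        if re.match(r"[A-Za-z]:[\\/]", path) or (path.startswith("/") and key not in prefixed):
            findings.append(f"jetty.xml: {key} is an absolute path")
    auth = jetty.find(".//New[@class='com.endeca.itl.jetty.TLSSocketConnector']/Set[@name='needClientAuth']")
    if auth is None or (auth.text or "").strip() != "true":
        findings.append("jetty.xml: TLSSocketConnector absent or needClientAuth not true")
    crawl = {p.findtext("key"): p.findtext("value") for p in ET.fromstring(crawl_xml).iter("moduleProperty")}
    ingest = {p.get("name"): p.get("value") for p in ET.fromstring(ingest_xml).iter("property")}
    for name, cfg, flags, port in (("last-mile-crawl.xml", crawl, ("useSsl", "isPortSsl"), "port"),
                                   ("DataIngest.xml", ingest, ("sslEnabled",), "casPort")):
        findings += [f"{name}: {f} is not true" for f in flags if cfg.get(f) != "true"]
        if cfg.get(port) != ssl_port:
            findings.append(f"{name}: {port} differs from com.endeca.cas.ssl.port")
    return findings
```

A connector section that is still commented out is reported as absent, because XML comments are skipped when the file is parsed.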

