Follow these steps to enable SSL communication to and from the Workbench, the Assembler, and Tools and Frameworks:
Note
In several lines of the following sample code, line breaks (denoted by the symbol ~) are inserted to make the lines fit the width of page. Do not insert line breaks into lines of actual working code.
Make the following changes in
%ENDECA_TOOLS_CONF%\conf\server.xml:Comment the HTTP connector as follows:
<!-- <Connector port="8006" protocol="HTTP/1.1" connectionTimeout="20000"~ maxPostSize="0" redirectPort="8446" URIEncoding="UTF-8"/> -->Remove comments from the HTTPS connector. Then set the
clientAuthproperty to "true", and specify values for thekeyStoreFileandtrustStoreFileproperties; for example:<Connector port="8446" SSLEnabled="true" protocol="org.apache.coyote.http11.Http11Protocol" maxPostSize="0" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslEnabledProtocols="TLSv1.1,TLSv1.2" keystoreFile="/localdisk/endeca/ToolsAndFrameworks/11.1.0~ /deployment_template/ssl_certs_utility/bin/ssl/slcw5dd.us.example.com.ks" keystorePass="eacpass" truststoreFile="/localdisk/endeca/ToolsAndFrameworks/11.1.0~ /deployment_template/ssl_certs_utility/bin/ssl /TS-slcw5dd.us.example.com.ks" truststorePass="eacpass" URIEncoding="UTF-8"/>
Make the following changes in
%ENDECA_TOOLS_CONF%\webstudio.properties:If the EAC server is running over SSL, update the EAC server host and port properties; for example:
# The EAC Central Server that this Workbench uses com.endeca.webstudio.eac.hostname=slcw5dd.us.example.com com.endeca.webstudio.eac.port=8443 com.endeca.webstudio.eac.useHttps=true
Set the flag to true to enable SSL communications to and from T&F:
# The SSL settings for connecting to SSL-enabled Components # like EAC, MDEX com.endeca.webstudio.client.communication.ssl=true
Uncomment following snippet to enable either plain text passphrases or credential store [OCS] passphrases:
# Configure your key store and trust store information here. # Note : javax.net.ssl.trustStorePassword and javax.net.ssl.keyStorePassword must not # be used in case of using OCS to store trust Store/ key store passwords. javax.net.ssl.trustStore=C:/Endeca/ToolsAndFrameworks/11.1.0~ /deployment_template/ssl_certs_utility/bin/ssl/TS-slcw5dd.us.example.com.ks javax.net.ssl.trustStoreType=JKS #javax.net.ssl.trustStorePassword=eacpass javax.net.ssl.keyStore=C:/Endeca/ToolsAndFrameworks/11.1.0~ /deployment_template/ssl_certs_utility/bin/ssl/slcw5dd.us.example.com.ks javax.net.ssl.keyStoreType=JKS javax.net.ssl.keyStorePassword=eacpass #------ Oracle Credential Store configuration to retrieve #------ trustStorePassword and keyStorePassword from credential store # #------ jpsConfigPath - Absolute path to jps-config.xml #------ storeMapName - Map name under which trustStorePassword & keyStorePassword are pushed into OCS. #------ trustStoreKeyName - Key name under which trustStorePassword #------ is pushed into OCS. #------ keyStoreKeyName - Key name under which keyStorePassword #------ is pushed into OCS. com.endeca.webstudio.ssl.jpsConfigPath=C:/Endeca/ToolsAndFrameworks~ /11.1.0/server/workspace/credential_store/jps-config.xml com.endeca.webstudio.ssl.storeMapName=oracleCommerceSSLPassPhrase com.endeca.webstudio.ssl.trustStoreKeyName=ts-key com.endeca.webstudio.ssl.keyStoreKeyName=ks-key
In
WorkbenchConfig.xml, update the protocol to https in therepositoryUrlproperty of the IFCR custom-component; for example:<custom-component id="IFCR" host-id="ITLHost" class="com.endeca.soleng.~ eac.toolkit.component.IFCRComponent"> <properties> <property name="repositoryUrl" value="https://~ busgt5706.oradev.oraclecorp.com:8446/ifcr" /> ... </properties> <custom-component>
