Follow these steps to enable secure SSL communication between the Deployment Template and the EAC Central Server, the ECR, the Assembler, the Dgraph (the MDEX engine) and the Content Acquisition System (CAS) version 3.0.x and later:

  1. Create a Java keystore and truststore to contain your certificates. For information about how to do this, see Storing generateSSLCertificates Credentials.

  2. Upload a copy of these certificates to the server on which your Deployment Template scripts will run.

  3. Update runcommand[.bat|.sh] to load your SSL keystore and truststore.

  4. In the app element of the AppConfig.xml document, update the sslEnabled attribute to true.

    The sslEnabled attribute is a application-wide setting that applies to the EAC and to CAS (if used in your application).

  5. Specify the SSL-enabled port for the EAC.

    The Endeca HTTP Service uses a separate port to communicate securely. For example, the default non-SSL connector is on port 8888 and the default SSL connector listens on port 8443. The SSL port should be specified in the eacPort attribute of the app element in the AppConfig.xml document.

  6. If you are using Discover-data-cas, specify the SSL-enabled port for CAS in DataIngest.xml and initialize_services[.bat|.sh].

    The CAS Service uses a separate port to communicate securely. For example, the default non-SSL port is 8500 and the default SSL port is 8505. The SSL port should be specified in the value attribute of casPort.

    The following example shows a sample configuration for an SSL-enabled application.

      <!--
        ########################################################################
        # EAC Application Definition
        #
      -->
      <app appName="test" eacHost="slcw5dd.us.oracle.com" eacPort="8443" 
          dataPrefix="test" sslEnabled="true" lockManager="LockManager">
        <working-dir>${ENDECA_PROJECT_DIR}</working-dir>
        <log-dir>./logs</log-dir>
      </app>
    
      <!--
        ########################################################################
        # Lock Manager - Used to set/remove/test flags and obtain/release locks
        #
      -->
      <lock-manager id="LockManager" releaseLocksOnFailure="true" />
    
    <!--
    ########################################################################
    # Content Acquisition System Server
    #
    
    <custom-component id="CAS" host-id="CASHost" class="com.Oracle Endeca.eac.toolkit.component.cas.ContentAcquisitionServerComponent">
      <properties>
        <property name="casHost" value="slcw5dd.us.oracle.com" />
        <property name="casPort" value="8505" />
      </properties>
    </custom-component>
    
    -->

  7. In AuthoringDgraphCluster.xml , set the useSsl property of the <host> element to "false" or "true" to disable or enable SSL communication:

    Disable SSL:

    <host id="AuthoringMDEXHost" hostName="FullyQualifiedHostName"	port="8888" useSsl="false"/>

    Enable SSL:

    <host id="AuthoringMDEXHost" hostName="FullyQualifiedHostName"		port="8443" useSsl="true"/>

  8. In LiveAppServerCluster .xml, set the useSsl property of the <web-app> element under the <app-server> element to "false" or "true" to disable or enable SSL communication:

    Disable SSL:

    <app-server id="LiveDiscover" hostName="FullyQualifiedHostName" port="8006">
      <web-app id="DiscoverWebApp1" contextPath="/discover" sslEnabled="false"/>
      ...
    </app-server>

    Enable SSL:

    <app-server id="LiveDiscover" hostName="FullyQualifiedHostName" port="8446"> 
      <web-app id="DiscoverWebApp1" contextPath="/discover" sslEnabled="true"/>
      ...
    </app-server>
  9. In LiveDgraphCluster.xml, set the useSsl property of the host element to "true":

    <host id="LiveMDEXHostA" hostName="FullyQualifiedHostName " port="8888" useSsl="true"/>
  10. In DataIngest.xml, set the useSsl property of the host element to "true":

    <host id="ITLHost" hostName="FullyQualifiedHostName" port="8888" useSsl="true"/>
  11. In ReportGeneration.xml, set the useSsl property of the <host> elements shown below to "false" or "true" to disable or enable SSL communication:

    Disable SSL:

    <host id="ReportGenerationHost" hostName="FullyQualifiedHostName" port="8888" useSsl="false"/> 
    <host id="WorkbenchHost" hostName="FullyQualifiedHostName" port="8888" useSsl="false"> 
      . . . 
    </host>

    Enable SSL:

    <host id="ReportGenerationHost" hostName="FullyQualifiedHostName" port="8443" useSsl="true"/> 
    <host id="WorkbenchHost" hostName="FullyQualifiedHostName" port="8443" useSsl="true">
      . . . 
    </host>	 			 

Copyright © Legal Notices