Enabling Two-Way SSL Communication for CAS

Note

In several lines of the following sample code, line breaks (denoted by the symbol ~) are inserted to make the lines fit the width of page. Do not insert line breaks into lines of actual working code.

  1. Set the property useSsl in the file %DISCOVER_DATA_CAS_APP%\config\cas\last-mile-crawl.xml to true. The default is false. For example: 

     <moduleProperty>
    <key>useSsl</key>
    <value>true</value>
 </moduleProperty>

  2. Set the sslEnabled property in the <custom-component id="CAS" ... > element in the %ENDECA_APP%\config\script\DataIngest.xml file to true, as follows: 

     <custom-component id="CAS" host-id="ITLHost"
		  class="com.endeca.eac.toolkit.component.cas.ContentAcquisitionServerComponent">	 
		<properties> 
		  .........  		 
		  <property name="casPort" value="8500" />
                     <property name="sslEnabled" value="true" /> 
		  ......... 
		</properties> 
		  ......... 
</custom-component>

  3. Update the hostname in initialize_services.bat to specify a fully qualified name (for example, slcw5dd.us.example.com) and port.

  4. Update the hostname in the load_baseline_test_data.bat file, under %DISCOVER_DATA_CAS_APP%\control\.

  5. Add the following settings to index_config_cmd.bat: 

    SET JAVA_ARGS=%JAVA_ARGS%
-Djavax.net.ssl.trustStore=C:/Endeca/ToolsAndFrameworks/11.3.1.5.0/deployment_template/ssl_certs_utility
   /bin/ssl/TS-slcw5dd.us.example.com.ks
-Djavax.net.ssl.trustStoreType=JKS
-Djavax.net.ssl.trustStorePassword=eacpass
SET JAVA_ARGS=%JAVA_ARGS%
-Djavax.net.ssl.keyStore=C:/Endeca/ToolsAndFrameworks/11.3.1.5.0/deployment_template/ssl_certs_utility
   /bin/ssl/slcw5dd.us.example.com.ks
-Djavax.net.ssl.keyStoreType=JKS
-Djavax.net.ssl.keyStorePassword=eacpass

    Note

    The two following steps alone are sufficient to enable SSL communication for the CAS Server.

  6. Make the following changes in %ENDECA_CAS_ROOT%\..\workspace\conf\server.xml:

    1. Comment the HTTP connector as follows: 

      <!-- <Connector port="8500" protocol="HTTP/1.1" connectionTimeout="60000"~ 
 redirectPort="8443" URIEncoding="UTF-8"/> -->

    2. Remove comments from the HTTPS connector. Then set the clientAuth property to "true", and specify values for the keyStoreFile and trustStoreFile properties; for example: 

      <Connector port="8446" SSLEnabled="true"
sslEnabledProtocol="TLSv1.1,TSLv1.2" 
maxThreads="150" scheme="https" secure="true"
clientAuth="true" 
sslEnabledProtocols="TLSv1.1,TLSv1.2"
keystoreFile="conf\eac.ks"
keystorePass="eacpass"
truststoreFile="conf\ca.ks"
truststorePass="eacpass" URIEncoding="UTF-8"/>

  7. Set the following properties in last-mile-crawl.xml, providing appropriate values for host_name and cas_ssl_port: 

     <moduleProperty>
   <key>host</key>
   <value>host_name</value>
 </moduleProperty>
 <moduleProperty>
   <key>port</key>
   <value>cas_ssl_port</value>
 </moduleProperty>
 <moduleProperty>
   <key>isPortSsl</key>
   <value>true</value>
 </moduleProperty>

Copyright © Legal Notices