[/map {"- map/map "}) [/map/topicref {"- map/topicref "}) [/map/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicmeta/navtitle {"- topic/navtitle "}) Configuring SSL (navtitle][/map/topicref/topicmeta/linktext {"- map/linktext "}) Configuring SSL (linktext][/map/topicref/topicmeta/shortdesc {"- map/shortdesc "}) This section describes how configure Oracle Endeca Server to use SSL. (shortdesc] (topicmeta][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) About configuring SSL in Endeca Server (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) About configuring SSL in Endeca Server (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) Configuring SSL in Endeca Server enables SSL communication among all the components. (shortdesc] (topicmeta] (topicref][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Configuring SSL on Jetty (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Configuring SSL on Jetty (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) This section describes the tasks necessary to enable SSL on the Jetty application server. (shortdesc] (topicmeta][/map/topicref/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Creating a keystore (navtitle][/map/topicref/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Creating a keystore (linktext][/map/topicref/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) This topic describes how to create a JKS keystore. (shortdesc] (topicmeta] (topicref][/map/topicref/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Obfuscating passwords (navtitle][/map/topicref/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Obfuscating passwords (linktext][/map/topicref/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) You should obfuscate the SSL connector keystore password for greater security. (shortdesc] (topicmeta] (topicref][/map/topicref/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Configuring Endeca Server Jetty files (navtitle][/map/topicref/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Configuring Endeca Server Jetty files (linktext][/map/topicref/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) You must modify Jetty files for SSL, as well as changing the start-up port for Endeca Server. (shortdesc] (topicmeta] (topicref] (topicref][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Enabling SSL for the endeca-cmd interface (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Enabling SSL for the endeca-cmd interface (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) You must use endeca-cmd interface global options to specify the location of the keystore and truststore files. (shortdesc] (topicmeta] (topicref][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Configuring SSL on the Dgraph (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Configuring SSL on the Dgraph (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) This section describes how to configure SSL on the Dgraph. (shortdesc] (topicmeta][/map/topicref/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Certificate files used by components connecting with the Dgraph (navtitle][/map/topicref/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Certificate files used by components connecting with the Dgraph (linktext][/map/topicref/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) You configure SSL among the components by using a set of certificate files. (shortdesc] (topicmeta] (topicref][/map/topicref/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Using enecerts to generate SSL certificates (navtitle][/map/topicref/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Using enecerts to generate SSL certificates (linktext][/map/topicref/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) You can use the enecerts utility program to generate new SSL certificate files. (shortdesc] (topicmeta][/map/topicref/topicref/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Generating standard SSL certificates on Linux (navtitle][/map/topicref/topicref/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Generating standard SSL certificates on Linux (linktext][/map/topicref/topicref/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) This procedure shows how to generate the set of standard certificates with a 1024-bit private key size on Linux platforms. (shortdesc] (topicmeta] (topicref][/map/topicref/topicref/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Generating standard SSL certificates on Windows (navtitle][/map/topicref/topicref/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Generating standard SSL certificates on Windows (linktext][/map/topicref/topicref/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) This procedure shows how to generate the set of standard certificates with a 1024-bit private key size on Windows platforms. (shortdesc] (topicmeta] (topicref][/map/topicref/topicref/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Generating custom certificates (navtitle][/map/topicref/topicref/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Generating custom certificates (linktext][/map/topicref/topicref/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) You can use the enecerts utility to generate customized certificates. (shortdesc] (topicmeta] (topicref][/map/topicref/topicref/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Copying the SSL certificates to other machines (navtitle][/map/topicref/topicref/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Copying the SSL certificates to other machines (linktext][/map/topicref/topicref/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) All machines that are running your deployment must use the same SSL certificates. (shortdesc] (topicmeta] (topicref] (topicref][/map/topicref/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Configuring the Dgraph for SSL mutual authentication (navtitle][/map/topicref/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Configuring the Dgraph for SSL mutual authentication (linktext][/map/topicref/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) This topic describes high level steps required to configure an SSL mutual authentication between the Dgraph and an external machine. The authentication uses certificates signed by a certificate authority (CA). This setup may apply if your Dgraph and external machines are hosted outside the firewall, or if a two-way authentication is required between them. (shortdesc] (topicmeta] (topicref][/map/topicref/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Converting PEM-format keys to JKS format (navtitle][/map/topicref/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Converting PEM-format keys to JKS format (linktext][/map/topicref/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) This topic describes how to convert PEM-format certificates to the standard Java KeyStore (JKS) format. (shortdesc] (topicmeta] (topicref] (topicref] (topicref] (map]