Global options for SSL

The --ssl, --keystore and --truststore options are used to support SSL-enabled communications with an Oracle Endeca Server running over SSL.

You are required to use these options if you have enabled the Oracle Endeca Server to run only over SSL (generally, the server can have two ports, one for SSL and one for non-SSL communication).

Before using these options, you need to create a keystore or truststore file to use. For information, see Creating a keystore.

The following global options in endeca-cmd are provided to enable SSL support:
Option Description
--keystore Specifies the location of a keystore file needed for authentication to the Oracle Endeca Server.

If you use this option (or the --truststore option), it implies that SSL should be used for communication between endeca-cmd and the Oracle Endeca Server.

This means that you don't need to use the --ssl option.

Note: If you specify a keystore, this causes endeca-cmd to prompt for a password. Therefore, if you use the --keystore option, you cannot run endeca-cmd as part of a script.
--truststore Specifies the location of a truststore file needed for verifying the authenticated connection to the Oracle Endeca Server.

If you use this option (or the --keystore option), it implies that SSL should be used for communication between endeca-cmd and the Oracle Endeca Server.

This means that you don't need to use the --ssl option.

Note: If you specify a truststore, this causes endeca-cmd to prompt for a password. Therefore, if you use the --truststore option, you cannot run endeca-cmd as part of a script.
--ssl Specifies whether to use an authenticated SSL connection to the Oracle Endeca Server.

If you use either the --keystore or --truststore option, then you don't need to use the --ssl— the authenticated SSL connection is implied by specifying the keystore or the truststore file.

If you use --ssl without either a --keystore or --truststore option, you will be able to use an empty keystore and the cacerts file as your truststore. Alternatively, you can use the standard approaches for creating keystore and truststore files in Java — the keytool or cacerts file, both of which are included in the Oracle Endeca Server installation.
As an alternative to using the SSL options interactively, you can specify the values for Djavax.net.ssl.keyStore and Djavax.net.ssl.trustStore properties to endeca-cmd, by including them in the ENDECA_CMD_OPTS environment variable, as follows:
export ENDECA_CMD_OPTS="-Djavax.net.ssl.keyStore=path_to_my_keystore_file
-Djavax.net.ssl.trustStore=path_to_my_truststore_file"