This section describes how to configure SSL on the Dgraph.
The section also describes how use the enecerts utility of the Dgraph to generate standard and custom SSL certificate files. That is, you can use the enecerts utility as an alternative to the keytool utility described in the topic Creating a keystore.
When configuring SSL on the Dgraph, keep in mind how the Oracle Endeca Server communicates with the Dgraph processes it controls. The Endeca Server has hostname validation explicitly hard-coded to be off when using HTTPS between the Endeca Server and the Dgraph processes it is controlling. This is because all the URLs reference localhost since the Endeca Server and its Dgraph processes are always on the same machine. Therefore, the Endeca Server is hard-coded not to check that the hostname in the Dgraph's certificate matches the URL that it is talking to.
However, if you enable SSL on the Endeca Server, you should also enable SSL on the Dgraph. The main reason is that if the Dgraph is not secure, it can be an entry point for someone attempting to gain access to your application environment. Another use case is if you are accessing the Dgraph's Bulk Load Interface to load data from an SSL-enabled client (such as Integrator).