About configuring SSL in Endeca Server

Configuring SSL in Endeca Server enables SSL communication among all the components.

Configuring SSL in Endeca Server comprises these high-level steps:
  1. Enable SSL for the Endeca Server's Jetty application server.
  2. Enable SSL for the Endeca Server's endeca-cmd command interface.
  3. Enable SSL for the Endeca data store.

The steps are described in detail in later topics.

If you are running Studio, you can also enable SSL for Studio. For details, see the Oracle Endeca Information Discovery Studio User's Guide.

Note: Enabling SSL on the Endeca Cluster Coordinator service is not supported.

Certificate-generating tools

There are a variety of tools that you can use to generate keys and certificates. One of the most common is the keytool utility.

Endeca Server ships with a copy of keytool in this default location:
  • Windows: C:\Oracle\Endeca\Server\<version>\shared\jre\bin
  • Linux: Oracle/Endeca/Server/<version>/shared/jre/bin

Full documentation for the Java 6 version of keytool (for Windows) is available here:
http://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html

Alternatively, you can use the enecerts utility described later in this chapter, in Using enecerts to generate SSL certificates.

Default cacerts certificates file

A certificates file named cacerts is shipped in the shared/jre/lib/security directory. The cacerts file represents a system-wide keystore with CA certificates. The default password of the cacerts file is changeit. You should change the default password if you intend to use the file. You can configure and manage the file with the keytool utility, specifying jks as the keystore type.

The cacerts keystore file ships with several root CA certificates. The keytool documentation page linked above lists the aliases and X.500 owner distinguished names in the file.

Default Jetty keystore

Endeca Server ships with a default keystore file in the Jetty etc directory. For the keystore:
  • jetty is the alias name.
  • storepwd is the password.

The default jetty-ssl.xml configuration file comes pre-configured with this default keystore. Use this keystore only for preliminary SSL testing. When you are ready to set up your SSL environment, create your own keystore.
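
The cacerts and Jetty keystore sections above both name a default password (changeit and storepwd). The following added example, which is not part of the Endeca Server distribution or its documentation, checks whether a JKS keystore file still opens with either default by recomputing the integrity hash that the JKS format appends to the file. The function names and the constructed empty keystore are illustrative, and the file paths are supplied by you on the command line.

```python
import hashlib
import struct
import sys

JKS_MAGIC = 0xFEEDFEED
# Defaults documented on this page: cacerts -> changeit, Jetty keystore -> storepwd.
DEFAULT_PASSWORDS = ("changeit", "storepwd")


def jks_digest(password: str, body: bytes) -> bytes:
    """JKS integrity hash: SHA-1(UTF-16BE password + fixed phrase + store body)."""
    h = hashlib.sha1()
    h.update(password.encode("utf-16-be"))
    h.update(b"Mighty Aphrodite")
    h.update(body)
    return h.digest()


def opens_with(store: bytes, password: str) -> bool:
    """True if `password` validates the store's trailing 20-byte integrity hash."""
    # Smallest valid store: 12-byte header (magic, version, count) + 20-byte hash.
    if len(store) < 32 or struct.unpack(">I", store[:4])[0] != JKS_MAGIC:
        raise ValueError("not a JKS keystore")
    body, digest = store[:-20], store[-20:]
    return jks_digest(password, body) == digest


def default_passwords_in_use(store: bytes) -> list:
    """Return the documented default passwords that still open this keystore."""
    return [p for p in DEFAULT_PASSWORDS if opens_with(store, p)]


def make_empty_jks(password: str) -> bytes:
    """Constructed sample input: a valid JKS store (version 2) with zero entries."""
    body = struct.pack(">III", JKS_MAGIC, 2, 0)
    return body + jks_digest(password, body)


if __name__ == "__main__":
    # Usage: python check_jks.py <keystore-file> [<keystore-file> ...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            hits = default_passwords_in_use(fh.read())
        print(path, "DEFAULT PASSWORD" if hits else "ok", ", ".join(hits))
```

The check covers only the keystore password. Private-key entries in a JKS file can carry their own key password, which this script does not test.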