To encrypt the data that is transmitted over the network,
you must set up a secure port on the IBM® Content Search Services server. Then you must
specify the secure port number and enable SSL.
About this task
You can encrypt
the data that is transmitted between
IBM Content Search Services and
Content Platform Engine without creating keystores
and deploying certificates. With this configuration, the data that
is transmitted between the servers is encrypted, but SSL authentication
and host validation are not performed.
Procedure
To encrypt data
that is transmitted over the network:
- Set up a secure
port on the IBM Content Search Services server:
- Log on to the host computer as the css_install_user user.
- Stop the IBM Content Search Services server
if it is running.
- From the command line, navigate to the folder
YourCSSfolder\bin
where YourCSSfolder is the folder where you
installed IBM Content Search Services.
- Enable a secure port by entering the following
command (the double quotes are needed when they delimit white space):
configTool.bat set -system -configPath "YourCSSfolder\config"
-securePort 8199
8199 is the secure port number.
For example, if YourCSSfolder is C:\Program
Files\IBM\Content Search Services\CSS Server\, enter the
following command:configtool.bat
set -system -configPath "C:\Program Files\IBM\Content Search Services\CSS
Server\config" -securePort 8199
Attention:
For AIX®, Linux, Linux for System z,
or Solaris users, if YourCSSfolder is /opt/IBM/Content
Search Services/CSS Server/, enter the following command:configTool.sh
set -system -configPath "/opt/IBM/ContentSearchServices/CSS_Server/config"
-securePort 8199
- Optional: Disable
the nonsecure port after completing all SSL configuration changes.
To set the nonsecure port number to 0, enter configtool.bat
set -system -configPath "YourCSSfolder\config"
-adminHTTPPort 0. For AIX,
Linux, Linux for System z, or Solaris users, enter configTool.sh
set -system -configPath "YourCSSfolder/config"
-adminHTTPPort 0.
- Start the IBM Content Search Services server.
- Start Administration Console for Content Platform Engine if you did not already
do so:
- On any computer, open a browser and navigate to the Administration Console for Content Platform Engine logon page:
- In
a standard availability environment, the logon page is at http://CPE_Server:port/acce. CPE_Server is
the name of the system where Content Platform Engine is
deployed. port is the HTTP port that is used by
the application server where Content Platform Engine is
deployed.
- In a high availability environment, the logon page is at http://virtual_server:port/acce. virtual_server is
the name of the load balancer or proxy server where the clusters of Content Platform Engine is deployed. port is
the port number of the load balancer or proxy server.
- Log on as the gcd_admin user.
- Specify the secure
port number and enable SSL on the IBM Content Search Services server:
- In the navigation pane of IBM Administration Console for Content
Platform Engine select the domain, and
navigate to .
- In the details pane, select the text search server and
click General.
- In the Port field, enter the secure port number.
- Click Properties.
- Set the Is SSL Enabled field value to True.
- Set the Validate Server Certificate and the Validate
Certificate Host field values to False.