Configure SSL security for Helix Search

This section describes how to secure your Helix Search communications over SSL using the HTTPS protocol. This involves creating a Java keystore with a valid SSL certificate.

To secure Helix Search with HTTPS SSL access:

  1. Create a CSR and private key with the following command:

    2. openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

  2. Provide answers to the questions about your organization and the domain you are installing the Helix Search service on.
  3. Send the CSR to your Certificate provider to create a valid certificate and Chained Authority.
  4. View an existing CSR with the following command:

    5. openssl req -text -noout -verify -in server.csr

  5. Add the certificate to a java keystore and bundle any chained authority. For example with the following:

    • Certificate example.com.crt
    • Chained authority CA.crt
    • Private key server.key

    If a certificate does not exist, create one:

    openssl x509 -signkey server.key -in server.csr -req -days 365 -out example.com.crt

  6. Combine your machines certificate and private key to produce a PK12 formatted file:

    7. openssl pkcs12 -export -in example.com.crt -inkey server.key -name example.com -out example.com.p12
Enter [password]

  7. Create/Add the PK12 file to the Java keystore:

    8. keytool -importkeystore -deststorepass [password] -destkeystore keystore.jks -srckeystore example.com.p12 -srcstoretype PKCS12
Enter [password]

  8. Bundle the CA.crt:

    9. keytool -import -alias bundle -trustcacerts -file CA.crt -keystore keystore.jks
Enter [password]

  9. Migrate to PKCS12:

    10. keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.jks -deststoretype pkcs12
Enter [password]

  10. Copy the keystore to suitable location and check the file permissions, for example:

    • Windows: c:\Program Files\Perforce
    • Linux: /opt/perforce
  11. Make a note of the keystore location and password for use during the installation or configuration of Helix Search.
  12. Configure the keystore location, password, and switch to https:

    13. com.perforce.p4search.service.keystore=<location>
com.perforce.p4search.service.keypass=[password]
com.perforce.p4search.service.protocol=https

  13. Restart the Helix Search service:
  14. Helix Search is now configured for https.