Configure Find to Use SSL

By default, Find runs in plain HTTP mode. You can configure it to use SSL communications by setting the appropriate system properties in the Java run command.

NOTE: If you enable SSL, you cannot use plain HTTP with Find.

To configure Find to use SSL

  • Start Find with the Java run command, and include the following arguments:

    -Dserver.ssl.key-store=path_to_keystore
    -Dserver.ssl.key-store-password=keystore_password
    -Dserver.ssl.key-password=key_password
    -Dserver.port=server_port

    where,

    path_to_keystore is the path to a keystore. You must create a keystore and import your certificates into it. By default, Find expects this keystore to be in JKS format. For more information on how to create a JKS keystore by using the keytool command-line tool, see https://docs.oracle.com/cd/E19509-01/820-3503/ggfen/index.html.

    NOTE: By default, keytool uses the DSA algorithm, which is no longer supported by all browsers. To use the recommended RSA algorithm, modify the first step in the link (https://docs.oracle.com/cd/E19509-01/820-3503/ggfen/index.html) to use the following command to generate the keystore:

    keytool -keystore clientkeystore -keyalg rsa -genkey -alias client

    The rest of the steps are unchanged.

    NOTE: If you want to use a keystore in a different format, you must also set the -Dserver.ssl.key-store-type argument to the type of keystore that you want to use. For example:

    -Dserver.ssl.key-store-type=pkcs12

    keystore_password is the password for the keystore.

    key_password is the password for the key inside the keystore.

    server_port is the port to use for Find. To use SSL, you must change this value from the default port (that is, you must not use port 8080). Typically you use port 8443, but you can use any valid port value.

    For example:

    java -Dserver.ssl.key-store=/etc/ssl/private/keystore.jks -Dserver.ssl.key-store-password=MyPassword -Dserver.ssl.key-password=KeyPassword -Didol.find.home=[home directory] -Dserver.port=8443 -jar find.war -uriEncoding utf-8
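
A pre-flight check for the keystore and port arguments above, as an added example that is not part of the Find product or its documentation. It rejects port 8080, reads the keystore's leading bytes to decide whether -Dserver.ssl.key-store-type is needed, and warns if the keystore file is world-readable. The function names keystore_type and find_ssl_args are hypothetical, and treating a leading 0x30 byte as PKCS#12 is a heuristic.

```sh
#!/bin/sh
# Added example, not vendor code. keystore_type and find_ssl_args are
# hypothetical helper names. Usage: find_ssl_args /path/to/keystore 8443

# Print jks, pkcs12 or unknown, based on the keystore's leading bytes.
keystore_type() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        feedfeed) echo jks ;;     # JKS magic number 0xFEEDFEED
        30*)      echo pkcs12 ;;  # DER SEQUENCE tag; heuristic for PKCS#12
        *)        echo unknown ;;
    esac
}

# Print the keystore and port arguments for the Java run command, one per
# line. The password arguments are not handled here.
find_ssl_args() {
    ks=$1
    port=$2
    [ -r "$ks" ] || { echo "keystore not readable: $ks" >&2; return 1; }
    case "$port" in
        ''|*[!0-9]*) echo "port must be a number: $port" >&2; return 1 ;;
    esac
    # SSL must not use Find's default port 8080.
    if [ "$port" -eq 8080 ] || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port $port cannot be used for SSL" >&2
        return 1
    fi
    kstype=$(keystore_type "$ks")
    [ "$kstype" != unknown ] || { echo "unrecognized keystore: $ks" >&2; return 1; }
    # The keystore holds the private key; warn if any local user can read it.
    case $(ls -ld "$ks") in
        ???????r*) echo "warning: $ks is world-readable" >&2 ;;
    esac
    echo "-Dserver.ssl.key-store=$ks"
    # JKS is the default, so the type argument is only needed otherwise.
    [ "$kstype" = jks ] || echo "-Dserver.ssl.key-store-type=$kstype"
    echo "-Dserver.port=$port"
}
```

Source the file and call find_ssl_args with the keystore path and port; a non-zero return means the arguments should not be passed to the Java run command as they stand.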

If you run Find as a service on Windows, you can also add the same arguments to the find.xml file.

If you run Find as a service on Linux, you can add the arguments to the existing arguments variable in find.sh for SystemV, find.conf for Upstart, or find.service for systemd.

When you modify the Find configuration by modifying the XML file or start scripts, you must restart Find to apply your configuration changes.

On Upstart, you must also run initctl reload-configuration before you restart, to apply the init file changes. You can then run service find restart to restart the service.

For more information on installing and running Find as a service on Windows or Linux, see Install Find.