Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Words and Phrases
| Search for | Example | Results |
|---|---|---|
| A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
|
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Using Boolean Operators
| Search for | Operator | Example |
|---|---|---|
|
Two or more words in the same topic |
|
|
| Either word in a topic |
|
|
| Topics that do not contain a specific word or phrase |
|
|
| Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
| A combination of search types | ( ) parentheses |
|
- Configure Secure Connections for Client Browsers
- Configure CSA to Use a Trusted Certificate Authority-Signed or Subordinate Certificate Authority-Signed Certificate
- Configure CSA to Use a Certificate Authority-Signed Certificate and a Certificate Authority-Provided Keystore
- Configure CSA to Use an Internal Certificate Authority-Signed Certificate
- Configure CSA to Use a Self-Signed Certificate
- Configure CSA to Create a New Self-Signed Certificate for Global Search
- Masking Passwords in standalone.xml Using the JBoss vault Script
Configure CSA to create a new self-signed certificate for global search
This section describes the process you should follow to create a new self-signed certificate required for global search functionality. These steps are required when a certificate expires, a new certificate is generated, or a self signed certificate is replaced with a CA-signed certificate.
Note In the following instructions,
CSA_HOME is the directory in which CSA is installed
C:\Program Files\HPE\CSA and on Linux the directory is /usr/local/hpe/csa) and the keytool utility
is included with the JRE.
Also, the following instructions are applicable for subordinate Certificate Authorities. Wherever the Certificate Authority is mentioned, the subordinate Certificate Authority is implied. For example, if the content states to submit the certificate to a Certificate Authority, you may also submit the certificate to a subordinate Certificate Authority.
To create a new self-signed certificate to send with your request to a Certificate Authority, complete the following steps:
-
Open a command prompt and change directories to
CSA_HOME. -
Run the following command to generate a new certificate and keystore:
Windows:
"CSA_JRE_HOME\bin\keytool" -genkeypair -alias CSA -validity 365 -keyalg rsa -keysize 2048 -keystore <KEYSTORE> -storetype PKCS12Linux:
CSA_JRE_HOME/bin/keytool -genkeypair -alias CSA -validity 365 -keyalg rsa -keysize 2048 -keystore <KEYSTORE> -storetype PKCS12where
<KEYSTORE>refers to the keystore location.Example:
Windows:
"CSA_JR_HOME\bin\keytool" -genkeypair -alias CSA -validity 365 -keyalg rsa -keysize 2048 -keystore .new_keystore -storetype PKCS12Linux:
CSA_JRE_HOME/bin/keytool -genkeypair -alias CSA -validity 365 -keyalg rsa -keysize 2048 -keystore .new_keystore -storetype PKCS12You can use different values for
-alias,-validity,-keysizeand-keystore. These instructions assume that you will use the-aliasand-keystorevalues recommended here. You will need to adjust the commands accordingly if you use different values. -
Export the newly generated certificate out of keystore.
Windows:
"CSA_JR_HOME\bin\keytool" -exportcert -keystore <KEYSTORE> -alias CSA -file <CERTIFICATE-FILE> -storetype PKCS12Linux:
CSA_JRE_HOME/bin/keytool -exportcert -keystore <KEYSTORE> -alias CSA -file <CERTIFICATE-FILE> -storetype PKCS12where
<CERTIFICATE-FILE>refers to the filename for the exported certificate.Example:
Windows:
"CSA_JR_HOME\bin\keytool" -exportcert -keystore <KEYSTORE> -alias CSA -file csasearchcertificate.cert -storetype PKCS12Linux:
CSA_JRE_HOME/bin/keytool -exportcert -keystore <KEYSTORE> -alias CSA -file csasearchcertificate.cert -storetype PKCS12 -
Import the newly created certificate into the JRE truststore.
Windows:
"CSA_JR_HOME\bin\keytool" -importcert -keystore <CSA_JR_HOME>\lib\security\cacerts -file <CERTIFICATE-FILE> -alias <ALIAS-NAME>Linux:
CSA_JRE_HOME/bin/keytool -importcert -keystore <CSA_JR_HOME>\lib\security\cacerts -file <CERTIFICATE-FILE> -alias <ALIAS-NAME>Note
<ALIAS-NAME>must be used since it does not exist in the JRE cacert truststore. If a similar name exists then delete it first as follows:Windows:
"CSA_JR_HOME\bin\keytool" -delete -alias <ALIAS_NAME> -keystore <CSA_JR_HOME>\lib\security\cacertsLinux:
CSA_JRE_HOME/bin/keytool -delete -alias <ALIAS_NAME> -keystore <CSA_JR_HOME>\lib\security\cacerts -
Import the Elasticsearch certificate into the newly created keystore.
Windows:
"CSA_JR_HOME\bin\keytool" -importcert -keystore <KEYSTORE> -storetype PKCS12 -file <ELASTIC-SEARCH-CERTIFICATE> -trustcacerts -alias ESExample:
"CSA_JR_HOME\bin\keytool" -importcert -keystore <KEYSTORE> -storetype PKCS12 -file CSA-HOME\elasticsearch-1.6.1\config\es.crtLinux:
CSA_JR_HOME/bin/keytool -importcert -keystore <KEYSTORE> -storetype PKCS12 -file <ELASTIC-SEARCH-CERTIFICATE> -trustcacerts -alias ESExample:
CSA_JR_HOME/bin/keytool -importcert -keystore <KEYSTORE> -storetype PKCS12 -file CSA-HOME/elasticsearch-1.6.1/config/es.crtwhere
<ELASTIC-SEARCH-CERTIFICATE>is the location of the elasticsearch certificate file. -
Open the
CSA_HOME/CSA/csa-search-service/app.jsonfile in a text editor. -
Change the following string (there are two occurrences):
Change:
"pfx" : ".keystore"To:
"pfx": "<KEYSTORE>" -
Restart the CSA and HPE Search Service services. See Restart CSA for instructions.
We welcome your comments!
To open the configured email client on this computer, open an email window.
Otherwise, copy the information below to a web mail client, and send this email to clouddocs@hpe.com.
Help Topic ID:
Product:
Topic Title:
Feedback: