Configure Secure Internal Communication

CSA global search services use HTTPS to communicate internally with CSA on TCP ports that are not normally used for communication with other systems, the Cloud Service Management Console, or the Marketplace Portal. To prevent access to these ports from an internal or external network, it is recommended that you configure network firewall rules for these ports. Consult your network administrator about configuring firewall rules.

TCP Ports Used for Internal Communication

    CSA Service       TCP Port Used    Communication between Nodes in a Clustered Environment?
    Search Service    9000             No
    Elasticsearch     9201             No
    Elasticsearch     9300             Yes

Authentication Checking

Authentication checking has been turned on to improve the security of the HPE Search Service. A certificate has been generated to make authorization checking possible.

Note: The certificate will expire 120 days after the patch has been installed.

The steps to generate a new certificate valid for another 120 days are given below:

Points to Note:
  • The keytool commands below will prompt for a password. The default password is 'changeit'.
  • The following commands will fail unless you use the same Java executable that is used to run CSA.
  1. On the server open a shell and change directory to %CSA_HOME%\elasticsearch-1.6.1\config.
  2. Make a backup of the CSAKS.jks and CSATS.jks files.
  3. To see the current ES certificate:

    keytool -list -v -keystore CSAKS.jks -alias ES

    Take note of the line that begins with "Owner", specifically the value after "CN=". This should be the FQDN (fully qualified domain name) of the server.

  4. Delete the existing expired certificate:

    keytool -delete -alias ES -keystore CSAKS.jks

  5. Generate a new certificate:

    keytool -genkey -alias ES -keyalg RSA -dname "CN=<server-FQDN>, OU=HP, O=HP, L=Palo Alto, ST=CA, C=US" -validity 120 -keystore CSAKS.jks

    Note: CN= should contain the FQDN (fully qualified domain name) of the server. Replace the <server-FQDN> placeholder with the value noted in step 3.
  6. Import certificate to CSATS.jks file:

    keytool -export -alias ES -keystore CSAKS.jks -file es.crt
    keytool -delete -alias ES -keystore CSATS.jks
    keytool -importcert -trustcacerts -alias ES -file es.crt -keystore CSATS.jks

    Enter 'yes' to trust this certificate.

  7. Import certificate in search service:

    For Windows:

    keytool -delete -alias ES -keystore ..\..\csa-search-service\.keystore -storetype PKCS12
    keytool -importcert -alias ES -file es.crt -keystore ..\..\csa-search-service\.keystore -storetype PKCS12 -trustcacerts

    For Linux:

    keytool -delete -alias ES -keystore ../../csa-search-service/.keystore -storetype PKCS12
    keytool -importcert -alias ES -file es.crt -keystore ../../csa-search-service/.keystore -storetype PKCS12 -trustcacerts

    Enter 'yes' to trust this certificate.

  8. Restart the Elasticsearch service and the HPE Search service.
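
The check below is an added example, not part of the HPE documentation: it reads the verbose output of keytool -list -v -alias ES for each of the three stores touched in steps 3 to 7 and reports a CN that is not the server FQDN, a certificate that has expired or is close to the 120-day expiry, and stores whose copies of the ES certificate differ. The host name csa01.example.com, the fingerprints and the dates are constructed sample values, and English-language keytool output is assumed.

```python
import re
from datetime import datetime

def parse_entry(text):
    """Extract CN, expiry and SHA-256 fingerprint from `keytool -list -v` text."""
    cn = re.search(r"^Owner:.*?CN=([^,\n]+)", text, re.M)
    until = re.search(r"until: \w{3} (\w{3} \d{1,2} [\d:]{8}) \S+ (\d{4})", text)
    sha = re.search(r"SHA-?256:\s*([0-9A-Fa-f:]+)", text)
    if not (cn and until and sha):
        raise ValueError("not a verbose keytool listing of a certificate entry")
    # The zone abbreviation is skipped, so the expiry is accurate to within a day.
    expiry = datetime.strptime(" ".join(until.groups()), "%b %d %H:%M:%S %Y")
    return cn.group(1).strip(), expiry, sha.group(1).upper()

def audit(listings, expected_fqdn, now, warn_days=14):
    """listings maps a store name to its keytool text; returns a list of findings."""
    findings, prints = [], {}
    for store, text in listings.items():
        cn, expiry, prints[store] = parse_entry(text)
        days_left = (expiry - now).days
        if cn.lower() != expected_fqdn.lower():
            findings.append(f"{store}: CN {cn} is not {expected_fqdn}")
        if days_left < 0:
            findings.append(f"{store}: certificate expired {-days_left} days ago")
        elif days_left <= warn_days:
            findings.append(f"{store}: certificate expires in {days_left} days")
    if len(set(prints.values())) > 1:
        findings.append("stores do not all hold the same ES certificate")
    return findings

def sample(fp_byte, valid_from, until):
    """Constructed keytool-style listing (made-up host and fingerprint, not real output)."""
    return ("Alias name: es\n"
            "Owner: CN=csa01.example.com, OU=HP, O=HP, L=Palo Alto, ST=CA, C=US\n"
            f"Valid from: {valid_from} until: {until}\n"
            "Certificate fingerprints:\n"
            f"\t SHA256: {':'.join([fp_byte] * 32)}\n")

# Constructed scenario: steps 4-6 were done, step 7 was skipped.
NEW = sample("AB", "Wed May 01 10:00:00 UTC 2024", "Thu Aug 29 10:00:00 UTC 2024")
OLD = sample("3C", "Mon Jan 01 10:00:00 UTC 2024", "Tue Apr 30 10:00:00 UTC 2024")
LISTINGS = {"CSAKS.jks": NEW, "CSATS.jks": NEW, "csa-search-service/.keystore": OLD}

if __name__ == "__main__":
    for line in audit(LISTINGS, "csa01.example.com", datetime(2024, 5, 2, 10, 0, 0)):
        print(line)
```

In practice, capture the keytool output for each store to a file and pass the file contents in place of the constructed listings.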