Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Search for | Example | Results |
---|---|---|
A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Search for | Operator | Example |
---|---|---|
Two or more words in the same topic |
|
|
Either word in a topic |
|
|
Topics that do not contain a specific word or phrase |
|
|
Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
A combination of search types | ( ) parentheses |
|
- Administrator tasks
- Work with Smart Search
- Validate Smart Analytics configurations
- Add a content server for Smart Ticket and Hot Topic Analysis
- Configure TSL/SSL for two-way authentication
- Get ports occupied by Smart Analytics
- Use Smart Analytics Assistant
- Back up and restore content
- Perform indexing of large-scale knowledgebases
- Modify Stop Words for IDOL search engine
- Transfer Smart Analytics intelligence between systems
Configure TSL/SSL for two-way authentication
User Role: Administrator
TLS/SSL creates encrypted connections that allow private and sensitive information to be transmitted without the risk of eavesdropping, data tampering, or message forgery. HPE recommends setting up a TLS/SSL connection between Service Manager and Smart Analytics, Connector Framework Server (CFS)/connectors, or Image Server. To do this, see the following steps for different scenarios.
For details about how to create two-way authentication certificates, see How to setup SingleSignOn (SSO) in a Horizontally scaled environment.
To Configure TSL/SSL for two-way authentication between Service Manager and Smart Analytics, follow these steps as an example:
-
Create a signed Service Manager server certificate and Smart Analytics certificate using the OpenSSL toolkit as a private certificate authority.
CA Certificate keystore file: cacerts
CA Certificate keystore password: "changeit"
CA Certificate file: mycacert.pem
SM Server keystore file: server.keystore
SM Server serverkeystore password: "serverkeystore"
Client public certificate file: clientpubkey.cert
Client certificate private key file: exported_rsa.key
Trusted clients keystore file: trustedclients.keystore (Import Client public certificate into Trustedclients keystore)
Trusted clients keystore password: "trustedclients"
-
Configure the Service Manager server to use the server certificate and to trust the client certificate.
-
Copy the following files to server host and put them under the RUN directory:
- certs\cacerts
- certs\trustedclients.keystore
- key\server.keystore
-
Set the following parameter values in the
sm.ini
file.Parameter Value ssl
1
sslConnector
1
ssl_reqClientAuth
2
trustedsignon
1
keystoreFile
server.keystore
keystorePass
serverkeystore
ssl_trustedClientsJKS
trustedclients.keystore
ssl_trustedClientsPwd
trustedclients
truststoreFile
cacerts
truststorePass
changeit
- Restart the Service Manager server.
-
-
Configure the Smart Analytics components to use the client certificate and to trust the server certificate.
-
Copy the following files to the <Smart Analytics Installation>\ssl Certificate folder on your Smart Analytics local machine:
- certs\clientpubkey.cert
- certs\ mycacert.pem
- exported_rsa.key
-
Configure all content components to use the certificates by setting the <Smart Analytics Installation>\Content#\Content#.cfg file.
[SSLOption1]
SSLMethod=SSLV23
SSLCertificate=<Smart Analytics Installation>\sslCertificate\clientpubkey.cert
SSLPrivateKey=<Smart Analytics Installation>\sslCertificate\exported_rsa.key
SSLCACertificate=<Smart Analytics Installation>\sslCertificate\mycacert.pem
[IndexServer]
SSLConfig=SSLOption1
[Server]
SSLConfig=SSLOption1
Note If a section (such as the
[IndexServer]
section) does not exist in the out-of-box configuration files, you need to add the section manually with the settings described in this help topic. -
Configure smart search proxy to use the certificates by setting the <Smart Analytics Installation>\level2proxy\IDOLServer.cfg file:
[Service]
SSLConfig=SSLOption1
[SSLOption1]
SSLMethod=SSLV23
SSLCertificate=<Smart Analytics Installation>\sslCertificate\clientpubkey.cert
SSLPrivateKey=<Smart Analytics Installation>\sslCertificate\exported_rsa.key
SSLCACertificate=<Smart Analytics Installation>\sslCertificate\mycacert.pem
[IndexServer]
SSLConfig=SSLOption1
[Server]
SSLConfig=SSLOption1
SSLIDOLComponents=TRUE
[IDOLServerN]
SSLConfig=SSLOption1
-
Configure the Smart Analytics main server to use the certificates by setting the <Smart Analytics Installation>\IDOL\IDOLServer.cfg file.
[SSLOption1]
SSLMethod=SSLV23
SSLCertificate=<Smart Analytics Installation>\sslCertificate\clientpubkey.cert
SSLPrivateKey=<Smart Analytics Installation>\sslCertificate\exported_rsa.key
SSLCACertificate=<Smart Analytics Installation>\sslCertificate\mycacert.pem
[IndexServer]
SSLConfig=SSLOption1
[DataDRE]
SSLConfig=SSLOption1
[CatDRE]
SSLConfig=SSLOption1
[AgentDRE]
SSLConfig=SSLOption1
[Server]
SSLConfig=SSLOption1
SSLIDOLComponents=TRUE
[IDOLServerN]
SSLConfig=SSLOption1
[Agent]
SSLConfig=SSLOption1
-
Change the <Smart Analytics Installation>\IDOL\agentstore\agentstore.cfg file.
[SSLOption1]
SSLMethod=SSLV23
SSLCertificate=<Smart Analytics Installation>\sslCertificate\clientpubkey.cert
SSLPrivateKey=<Smart Analytics Installation>\sslCertificate\exported_rsa.key
SSLCACertificate=<Smart Analytics Installation>\sslCertificate\mycacert.pem
[IndexServer]
SSLConfig=SSLOption1
[Server]
SSLConfig=SSLOption1
SSLIDOLComponents=true
-
Configure the Connector Framework Server (CFS) to use the certificates by setting the <Smart Analytics Installation>\CFS\CFS.cfg file.
[SSLOption1]
SSLMethod=SSLV23
SSLCertificate=<Smart Analytics Installation>\sslCertificate\clientpubkey.cert
SSLPrivateKey=<Smart Analytics Installation>\sslCertificate\exported_rsa.key
SSLCACertificate=<Smart Analytics Installation>\sslCertificate\mycacert.pem
//Use this parameter to specify the path to a directory containing multiple CA certificates in PEM format to check against. Each file must contain one CA certificate.
//SSLCACertificatesPath=C:\Autonomy\HTTPConnector\CACERTS\
[Server]
//to make CFS ACI port ssl encrypted.
SSLConfig=SSLOption1
- Restart the corresponding services for the Smart Analytics components that you modified.
-
To Configure TSL/SSL for two-way authentication between Service Manager and CFS/connectors, follow these steps as an example:
-
Create a signed Service Manager server certificate and Connector Framework Server (CFS) or connectors certificate using the OpenSSL toolkit as a private certificate authority.
CA Certificate keystore file: cacerts
CA Certificate keystore password: "changeit"
CA Certificate file: mycacert.pem
SM Server keystore file: server.keystore
SM Server serverkeystore password: "serverkeystore"
Client public certificate file: clientpubkey.cert
Client certificate private key file: exported_rsa.key
Trusted clients keystore file: trustedclients.keystore (Import Client public certificate into Trustedclients keystore)
Trusted clients keystore password: "trustedclients"
-
Configure the Service Manager server to use the server certificate and to trust the client certificate.
-
Copy the following files to server host and put them under the RUN directory:
- certs\cacerts
- certs\trustedclients.keystore
- key\server.keystore
-
Set the following parameter values in the
sm.ini
file.Parameter Value ssl
1
sslConnector
1
ssl_reqClientAuth
2
trustedsignon
1
keystoreFile
server.keystore
keystorePass
serverkeystore
ssl_trustedClientsJKS
trustedclients.keystore
ssl_trustedClientsPwd
trustedclients
truststoreFile
cacerts
truststorePass
changeit
-
Restart the Service Manager server.
-
-
Configure the Smart Analytics Connector Framework Server (CFS) or connectors to use the client certificate and to trust the server certificate.
-
Copy the following files to the <Smart Analytics Installation>\ssl Certificate folder on your Smart Analytics local machine:
- certs\clientpubkey.cert
- certs\ mycacert.pem
- exported_rsa.key
-
Configure the Connector Framework Server (CFS) to use the certificates by setting the <Smart Analytics Installation>\CFS\CFS.cfg file.
[SSLOption1]
SSLMethod=SSLV23
SSLCertificate=<Smart Analytics Installation>\sslCertificate\clientpubkey.cert
SSLPrivateKey=<Smart Analytics Installation>\sslCertificate\exported_rsa.key
SSLCACertificate=<Smart Analytics Installation>\sslCertificate\mycacert.pem
//Use this parameter to specify the path to a directory containing multiple CA certificates in PEM format to check against. Each file must contain one CA certificate.
//SSLCACertificatesPath=C:\Autonomy\HTTPConnector\CACERTS\
[Server]
//to make CFS ACI port ssl encrypted.
SSLConfig=SSLOption1
-
Configure the connectors to use the certificates by setting the <connector>.cfg file.
[Ingestion]
//If CFS ACI port is ssl encrypted
IngestSSLConfig=SSLOption1
- Restart the corresponding CFS and connector services.
-
To Configure TSL/SSL for two-way authentication between Service Manager and Image Server, follow these steps as an example:
-
Create a signed Service Manager server certificate and Image Server certificate using the OpenSSL toolkit as a private certificate authority.
CA Certificate keystore file: cacerts
CA Certificate keystore password: "changeit"
CA Certificate file: mycacert.pem
SM Server keystore file: server.keystore
SM Server serverkeystore password: "serverkeystore"
Client public certificate file: clientpubkey.cert
Client certificate private key file: exported_rsa.key
Trusted clients keystore file: trustedclients.keystore (Import Client public certificate into Trustedclients keystore)
Trusted clients keystore password: "trustedclients"
-
Configure the Service Manager server to use the server certificate and to trust the client certificate.
-
Copy the following files to server host and put them under the RUN directory:
- certs\cacerts
- certs\trustedclients.keystore
- key\server.keystore
-
Set the following parameter values in the
sm.ini
file.Parameter Value ssl
1
sslConnector
1
ssl_reqClientAuth
2
trustedsignon
1
keystoreFile
server.keystore
keystorePass
serverkeystore
ssl_trustedClientsJKS
trustedclients.keystore
ssl_trustedClientsPwd
trustedclients
truststoreFile
cacerts
truststorePass
changeit
- Restart the Service Manager server.
-
-
Configure the Smart Analytics Image Server to use the client certificate and to trust the server certificate.
-
Copy the following files to the <Smart Analytics Installation>\ssl Certificate folder on your Smart Analytics local machine:
- certs\clientpubkey.cert
- certs\ mycacert.pem
- exported_rsa.key
-
Configure the Image Server to use the certificates by setting the <Smart Analytics Installation>\ImageServer1\ImageServer1.cfg file.
[SSLOption1]
SSLMethod=SSLV23
SSLCertificate=<Smart Analytics Installation>\sslCertificate\clientpubkey.cert
SSLPrivateKey=<Smart Analytics Installation>\sslCertificate\exported_rsa.key
SSLCACertificate=<Smart Analytics Installation>\sslCertificate\mycacert.pem
[Server]
SSLConfig=SSLOption1
- Restart the Image Server service.
-
We welcome your comments!
To open the configured email client on this computer, open an email window.
Otherwise, copy the information below to a web mail client, and send this email to ovdoc-ITSM@hpe.com.
Help Topic ID:
Product:
Topic Title:
Feedback: