Encrypting data transmitted over the network

To encrypt the data that is transmitted over the network, you must set up a secure port on the IBM® Content Search Services server. Then, you must use IBM Administration Console for Content Platform Engine to specify the secure port number and enable SSL.

About this task

You can encrypt the data that is transmitted between IBM Content Search Services and Content Platform Engine without creating keystores and deploying certificates. With this configuration, the data that is transmitted between the servers is encrypted, but SSL authentication and host validation are not performed.

Procedure

To encrypt data that is transmitted over the network:

Set up a secure port on the IBM Content Search Services server:
1. Log on to the host computer as the css_install_user user.
2. Stop the IBM Content Search Services server if it is running.
3. From the command line, navigate to the folder YourCSSfolder\bin where YourCSSfolder is the folder where you installed IBM Content Search Services.
4. Enable a secure port by entering the following command (the double quotes are needed when they delimit white space):
```
configTool.bat set -system -configPath "YourCSSfolder\config"
-securePort 8199
```
  8199 is the secure port number.
  For example, if YourCSSfolder is C:\Program Files\IBM\Content Search Services\CSS Server\, enter the following command:
```
configtool.bat
set -system -configPath "C:\Program Files\IBM\Content Search Services\CSS
Server\config" -securePort 8199
```
  Attention:
  For AIX®, Linux®, Linux for System z®, or Solaris users, if YourCSSfolder is /opt/IBM/Content Search Services/CSS Server/, enter the following command:
```
configTool.sh
set -system -configPath "/opt/IBM/ContentSearchServices/CSS_Server/config"
-securePort 8199
```
5. Optional: Disable the nonsecure port after completing all SSL configuration changes. To set the nonsecure port number to 0, enter configtool.bat set -system -configPath "YourCSSfolder\config" -adminHTTPPort 0. For AIX, Linux, Linux for System z, or Solaris users, enter configTool.sh set -system -configPath "YourCSSfolder/config" -adminHTTPPort 0.
6. Start the IBM Content Search Services server.
Start Administration Console for Content Platform Engine if you did not already do so:
1. On any computer, open a browser and navigate to the Administration Console for Content Platform Engine logon page:
  - In a standard availability environment, the logon page is at http://CPE_Server:port/acce. CPE_Server is the name of the system where Content Platform Engine is deployed. port is the HTTP port that is used by the application server where Content Platform Engine is deployed.
  - In a high availability environment, the logon page is at http://virtual_server:port/acce. virtual_server is the name of the load balancer or proxy server where the clusters of Content Platform Engine is deployed. port is the port number of the load balancer or proxy server.
2. Log on as the gcd_admin user.
Specify the secure port number and enable SSL on the IBM Content Search Services server:
1. In the navigation pane of IBM Administration Console for Content Platform Engine select the domain, and navigate to Global Configuration > Administration > Text Search Servers.
2. In the details pane, select the text search server and click General.
3. In the Port field, enter the secure port number.
4. Click Properties.
5. Set the Is SSL Enabled field value to True.
6. Set the Validate Server Certificate and the Validate Certificate Host field values to False.

What to do next

After enabling SSL encryption, you must deploy certificates on both the IBM Content Search Services server and the Content Platform Engine server to establish secure communication. For more information, see Deploying a certificate on the IBM Content Search Services server and Deploying a certificate on the Content Platform Engine server.