Product DocsMenu

Editing a Certificate Whitelist

A whitelist is simply the inverse concept of a blacklist. A certificate whitelist contains all the trusted search security certificates that can be used by a Front-End server to send queries to Coveo Back-End server. Every Coveo instance has a search security certificate whitelist defined in the [Index_Path]\Config\Config.txt file.

Each search security certificate can include a list of trusted IP addresses from which it can be used as well as a list of trusted identities it can impersonate. By default, both lists are empty, meaning that a certificate can impersonate everyone and can be used on any server.

Certificates are identified by their thumbprint (see Finding the Thumbprint of a Certificate). The thumbprint for a certificate used by a Coveo Front-End server must be added to the whitelist of the Coveo Master server to which it sends queries. The whitelist is automatically populated to all the mirrors of a Coveo instance so there is no need to do this step on the other mirrors if any.

Contact Coveo Support for instructions on how to edit a certificate whitelist.

People who viewed this topic also viewed