Extending CES Admin Service Certificate Validity Period

In a Coveo for Sitecore scenario, it is highly recommended to secure the CES Admin Service so that only authorized people can perform administrative tasks on your CES instance through the service. For a connection to the service to be allowed, the application must provide access credentials as well as a certificate bound to a specific port (443 by default). Past the certificate expiration date, all applications using the CES Admin Service stop working.

When installing (or upgrading to) CES 7.0.7814 or 7.0.8057 (August-December 2015), you can create a certificate valid for two years. This validity period cannot be modified, meaning that you must remember to generate a new certificate every two years for your Sitecore instance to keep working. Otherwise, the following error appears in the Coveo Diagnostic Page (see Troubleshooting Problems Using the Coveo Diagnostic Page):

System.ServiceModel.Security.SecurityNegotiationException: Could not establish trust relationship for the SSL/TLS secure channel with authority 'CESServerName'. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

The solution is to generate a new certificate that lasts for 50 years using the installer of CES 7.0.8225+ (March 2016).

To extend the certificate validity period

CES 7.0.8225+ (March 2016)

  1. Using an administrator account, connect to the Coveo Master server on which the CES Admin Service certificate is located.

  2. From the email message that you receive from Coveo, download the appropriate CES installer (32-bit or 64-bit) for the March 2016 version or later. Contact Coveo Support if you need assistance to download the installer.

  3. Run the CES installer.

    Example: When CES 7.0.8225 is installed on the Coveo server, on a 64-bit server, use the Coveo Enterprise Search 7.0 x64 (8225).exe installer to install the CES 7.0.8225 version.

  4. In the Welcome screen of the Coveo Enterprise Search 7.0 installer, click Next.

  5. In the License Agreement screen, read the license terms, select I accept the terms in the license agreement, and then click Next.

  6. (Only when upgrading from CES 7.0.8047 (December 2015)) In the Important information screen, click Next.

  7. In the Configuration screen, next to Admin service security, click Configure.

  8. In the next screen, click Choose next to the Change the user or certificate used to secure the Admin Service option.

  9. In the Coveo Enterprise Search Admin Service Security Options screen:

    1. If the default Admin Service port number (443) is used by another service or application, modify the port number.

    2. Next to Configure credentials for the Admin Service, click Configure.

    3. In the Username, Password and Confirm Password boxes, enter credentials that you create, and take careful note of them.

      The specified username and password do not need to be those of an Active Directory or Sitecore user. They are encrypted and stored only on the Coveo server. These credentials will be used by applications (such as the Coveo for Sitecore Search Provider) that need to authenticate to the Admin Service.

    4. Click OK.

    5. Next to Configure a certificate for the Admin Service, click Configure.

    6. In the Create a certificate to secure the Admin Service screen, configure the certificate settings:

      Note: The certificate is valid for 50 years.

      1. In the CES Server name box, enter the fully qualified domain name (FQDN) of the CES server or an alias for future reference using your hosts file.

        Note: The default value is the computer name, which often does not need to be modified.

      2. In the Certificate private key password and Confirm Password boxes, enter the password to protect the certificate private key.

      3. When the default Admin Service port number (443) is used by another service or application, modify the port number.

      4. Optionally click Browse to modify the default Certificate export path, which is the Coveo Enterprise Search 7 folder, and then click OK.

  10. Back in the Coveo Enterprise Search Admin Service Security Options, click OK.

  11. In the Configuration screen, click Next.

  12. In the Installing the program screen, click Install.

  13. In the Coveo Enterprise Search 7.0 (x64) Installation dialog box, click Yes to continue the installation, acknowledging the fact that the CES service will be restarted if required.

    Note: Restarting the CES Service and IIS typically takes less than a minute during which the CES service is unavailable to your end-users.

    A screen showing the installation progress bar appears.

  14. In the installer Installation Successful screen, click Finish.
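
Once the installer finishes, the following PowerShell script reads the certificate that the Admin Service actually presents and reports how long it remains valid, so an approaching expiry is caught before the SecurityNegotiationException above appears. It is an added example, not part of the Coveo documentation or product; the server name `ces.example.local`, the 60-day warning threshold and both function names are assumptions.

```powershell
# Added example, not Coveo code. Server name, port and threshold are assumptions.
function Get-RemoteCertificate {
    param(
        [Parameter(Mandatory = $true)] [string] $ServerName,
        [int] $Port = 443   # default Admin Service port named in the steps above
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($ServerName, $Port)
        # Accept whatever is presented: the goal is to read the certificate,
        # not to trust it. No application data is sent over this stream.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        try {
            $ssl.AuthenticateAsClient($ServerName)
            New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $client.Close() }
}

function Test-CertificateExpiry {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,
        [int] $WarnDays = 60,
        [datetime] $Now = (Get-Date)
    )
    # NotAfter is expressed in local time, like Get-Date.
    $daysLeft = [math]::Floor(($Certificate.NotAfter - $Now).TotalDays)
    $status = if ($daysLeft -lt 0) { 'Expired' }
              elseif ($daysLeft -le $WarnDays) { 'ExpiringSoon' }
              else { 'OK' }
    [pscustomobject]@{
        Subject    = $Certificate.Subject
        Thumbprint = $Certificate.Thumbprint
        NotBefore  = $Certificate.NotBefore
        NotAfter   = $Certificate.NotAfter
        DaysLeft   = $daysLeft
        Status     = $status
    }
}

# Placeholder host: use the value entered in the "CES Server name" box.
$cert = Get-RemoteCertificate -ServerName 'ces.example.local'
Test-CertificateExpiry -Certificate $cert
```

Comparing the reported Thumbprint and NotBefore with the values from before the installer run shows whether the service is presenting the newly generated certificate or still the old one.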
