Manually Configuring Search Security Certificate
Note: You can select or create search security certificates at the end of the Coveo .NET Front-End software installation and later from the search interface Do more menu (see Coveo .NET Front-End First Time Setup).
The manual search security certificate configuration varies depending on the Coveo instance deployment:
- Front-End and Back-End components on the same server (see Local Front-End).
- Front-End and Back-End components on different servers (see Remote Front-End).
- Front-End querying multiple Back-Ends (see Remote Front-End querying multiple Coveo instances).
- Back-End querying another Coveo instance (see Geographically distributed indexing (GDI)).
- Coveo search box integrated in SharePoint (see SharePoint integration).
Local Front-End
In a simple one server installation, you install the Coveo Front-End components on the same server as the Back-End components. In this case, the file for the default front-end search security certificate is already available on the server (C:\CES7\Config\Certificates\cert-iis.p12 by default).
- Using an administrator account, connect to the Coveo Master server.
- Using a text editor:
  - Open the [.Net_Front-End_Path]\Web\web.config file.
  - In the <CoveoEnterpriseSearch> section of the file, add the sslCertificatePath="[Search_Certificate_File]" attribute to the <server> element.
    Example: Identifying the C:\CES7\Config\Certificates\cert-iis.p12 certificate file.
      <coveoEnterpriseSearch>
        <server hostname="localhost" port="52800" sslCertificatePath="C:\CES7\Config\Certificates\cert-iis.p12"/>
        ...
      </coveoEnterpriseSearch>
  - Save the file.
Remote Front-End
In a deployment with one or more Coveo Front-End servers and a Back-End server, you must first copy the search security certificate from the Master server to each remote Front-End server.
- Using an administrator account, connect to the Coveo Master server, and then copy the [Index_Path]\Config\Certificates\cert-iis.p12 file.
- For each Front-End server:
  - Using an administrator account, connect to the Coveo Front-End server.
  - Paste the search security certificate file to a location of your choice.
    Example: You can create a C:\Program Files\Coveo .NET Front-End 12\Web\Certificates\ folder in which to paste the search security certificate file.
  - Using a text editor:
    - Open the [.Net_Front-End_Path]\Web\web.config file.
    - In the <CoveoEnterpriseSearch> section of the file, add the sslCertificatePath="[Search_Certificate_File]" attribute to the <server> element.
      Example: Identifying the C:\Program Files\Coveo .NET Front-End 12\Web\Certificates\cert-iis.p12 certificate file.
        <coveoEnterpriseSearch>
          <server hostname="localhost" port="52800" sslCertificatePath="C:\Program Files\Coveo .NET Front-End 12\Web\Certificates\cert-iis.p12"/>
          ...
        </coveoEnterpriseSearch>
    - Save the file.
Remote Front-End querying multiple Coveo instances
In a deployment with a Coveo Front-End server sending queries to more than one Coveo instance, the Front-End needs one certificate that is trusted by all the Coveo instances to which it sends queries.
- Choose one of the CES instances as the one holding the search security certificate to be used.
- Using an administrator account, connect to the Master server of the reference Coveo instance, and then copy the [Index_Path]\Config\Certificates\cert-iis.p12 file.
  This will be the search security certificate the Front-End server will be using.
- Using an administrator account, connect to the Coveo Front-End server.
- Paste the search security certificate file to a location of your choice.
  Example: You can create a C:\Program Files\Coveo .NET Front-End 12\Web\Certificates\ folder in which to paste the search security certificate file.
- For all the other Coveo instances that you want to query:
  - Using an administrator account, connect to the Master server of the Coveo instance.
  - In the [Index_Path]\Config\Certificates\ folder, append to the cert-ca.pem file the content of the [Index_Path]\Config\Certificates\cert-ca.pem file found on the reference Coveo instance machine you chose.
  - Add the search security certificate thumbprint to the certificate whitelist (see Editing a Certificate Whitelist).
Geographically distributed indexing (GDI)
In a GDI deployment where one Coveo Back-End server sends queries to another Coveo Back-End server, the Coveo instance receiving the query must trust the CA of the querying Coveo instance.
- Using an administrator account, connect to the Master server of the Coveo instance that sends queries.
- Using a text editor, open and copy the content of the [Index_Path]\Config\Certificates\cert-ca.pem file.
- Using an administrator account, connect to the Master server of the Coveo instance that receives the queries.
- Using a text editor:
  - Open the [Index_Path]\Config\Certificates\cert-ca.pem file.
  - Paste the copied content at the end of the file.
    Example: Two trusted CAs in a cert-ca.pem file.
      -----BEGIN CERTIFICATE-----
      MIIEDjCCAvagAwIBAgIJAJyezp7873moMA0GCSqGSIb3DQEBBQUAMIGtMR0wGwYD
      VQQKExRDb3ZlbyBTb2x1dGlvbnMgaW5jLjE7MDkGA1UEAxQyezg4NDkwMzIxLTY1
      ...
      LFjOsB64Bo4yNrv0o8MCtwKbfBFtjQ0ncMAoVZTDPrW37kUF3mRxwElBafioay5H
      hdh9wXKSjBRHS0zpTUwqmHzgYEQ/4/QKQc1iVHaAwyX7xQ==
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
      AkNBMSAwHgYJKoZIhvcNAQkBFhFzdXBwb3J0QGNvdmVvLmNvbTEPMA0GA1UEBxMG
      UXVlYmVjMQ8wDQYDVQQIEwZRdWViZWMwHhcNMTIwMTIzMTg0NTA0WhcNMjIwMTIw
      ...
      BgkqhkiG9w0BAQUFAAOCAQEApo11dMAxrFkb9/9QE2ZUUeJutoa3LCmbLRbYg3XY
      IIH/YLch8S0C1OICGZGKErR8jDQQrjVRnt+1F5VVOj1qZf8QPMDdODkd72IqDF6d
      -----END CERTIFICATE-----
  - Save the file.
- Add the search security certificate thumbprint (for the cert-iis.p12 and cert-ces.pem files) to the certificate whitelist (see Editing a Certificate Whitelist).
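The cert-ca.pem append step used in the multi-instance and GDI procedures above, scripted as an added PowerShell example (not Coveo code): it validates both bundles before writing, skips CAs the target already holds, and reports what was appended. The function name, parameter names and sample paths are assumptions.

```powershell
# Added example, not Coveo code. Requires PowerShell 5.0 or later.
function Merge-CaBundle {
    param(
        [Parameter(Mandatory)] [string] $SourcePem,  # cert-ca.pem copied from the querying/reference instance
        [Parameter(Mandatory)] [string] $TargetPem   # cert-ca.pem of the instance that must trust it
    )
    $pattern = '-----BEGIN CERTIFICATE-----(?<b64>[A-Za-z0-9+/=\s]+?)-----END CERTIFICATE-----'

    # Decode every PEM block of a file. A truncated or mangled block throws here,
    # before anything is written to the target.
    $readBundle = {
        param($path)
        $text  = [string](Get-Content -LiteralPath $path -Raw)
        $found = [regex]::Matches($text, $pattern)
        if ($found.Count -ne [regex]::Matches($text, 'BEGIN CERTIFICATE').Count) {
            throw "Malformed PEM block in $path"
        }
        foreach ($m in $found) {
            $der = [Convert]::FromBase64String(($m.Groups['b64'].Value -replace '\s', ''))
            [pscustomobject]@{
                Pem  = $m.Value
                Cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
            }
        }
    }
    $existing = @(& $readBundle $TargetPem)
    $incoming = @(& $readBundle $SourcePem)
    if ($incoming.Count -eq 0) { throw "No certificate found in $SourcePem" }

    # Skip CAs the target already trusts, so re-running does not duplicate entries.
    $known = @($existing | ForEach-Object { $_.Cert.Thumbprint })
    $new   = @($incoming | Where-Object { $known -notcontains $_.Cert.Thumbprint })
    if ($new.Count -eq 0) { return }

    Copy-Item -LiteralPath $TargetPem -Destination "$TargetPem.bak" -Force
    $current = [string](Get-Content -LiteralPath $TargetPem -Raw)
    $prefix  = if ($current -and -not $current.EndsWith("`n")) { "`r`n" } else { '' }
    $block   = $prefix + (($new | ForEach-Object { $_.Pem }) -join "`r`n")
    Add-Content -LiteralPath $TargetPem -Value $block -Encoding Ascii

    # Report what was added so it can be checked against the source instance.
    $new | ForEach-Object { $_.Cert } | Select-Object Subject, Thumbprint, NotAfter
}

# Constructed paths; replace with your own [Index_Path] locations.
# Merge-CaBundle -SourcePem 'D:\Transfer\cert-ca-querying.pem' -TargetPem 'C:\CES7\Config\Certificates\cert-ca.pem'
```

Every CA appended this way becomes trusted by the receiving instance, so compare the reported subject and thumbprint with the values read on the source Master server before relying on the result.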
SharePoint integration
In a deployment where a Coveo search box is integrated with SharePoint, the SharePoint site needs to use the search security certificate of the Coveo instance to which it sends queries.
- Using an administrator account, connect to the Coveo Master server, and then copy the [Index_Path]\Config\Certificates\cert-iis.p12 file.
- Using an administrator account, connect to the SharePoint server.
- Paste the search security certificate file to a location of your choice.
- In Internet Information Services (IIS) Manager, right-click on the SharePoint site, and then open the containing folder.
- Using a text editor:
  - Open the web.config file.
  - In the <CoveoEnterpriseSearch> section of the file, add the sslCertificatePath="[Search_Certificate_File]" attribute to the <server> element.
  - Save the file.
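The web.config edit from the Local Front-End, Remote Front-End and SharePoint procedures, as an added PowerShell example (not Coveo code) that sets the attribute through the XML DOM, refuses a missing certificate file, and lists who can access the copied .p12. The function name, parameter names and the backup location are assumptions.

```powershell
# Added example, not Coveo code. Requires PowerShell 5.0 or later.
function Set-SearchCertificatePath {
    param(
        [Parameter(Mandatory)] [string] $WebConfig,       # the Front-End or SharePoint site web.config
        [Parameter(Mandatory)] [string] $CertificateFile  # where cert-iis.p12 was pasted
    )
    if (-not (Test-Path -LiteralPath $CertificateFile -PathType Leaf)) {
        throw "Certificate file not found: $CertificateFile"
    }
    $configPath = (Resolve-Path -LiteralPath $WebConfig).ProviderPath

    $xml = [xml]::new()
    $xml.PreserveWhitespace = $true   # keep the file's existing layout
    $xml.Load($configPath)

    # Element names are case-sensitive; this uses the spelling shown in the page's
    # examples and ignores any XML namespace on the configuration root.
    $xpath   = "//*[local-name()='coveoEnterpriseSearch']/*[local-name()='server']"
    $servers = @($xml.SelectNodes($xpath))
    if ($servers.Count -ne 1) {
        throw "Expected one <server> element under <coveoEnterpriseSearch>, found $($servers.Count)"
    }

    # Backup kept outside the web root (location is an assumption).
    Copy-Item -LiteralPath $configPath -Destination (Join-Path $env:TEMP 'web.config.bak') -Force
    $servers[0].SetAttribute('sslCertificatePath', $CertificateFile)
    $xml.Save($configPath)

    # A .p12 file normally holds a private key. List the accounts that can access
    # the copy so that broad entries (for example a built-in Users group) stand out.
    (Get-Acl -LiteralPath $CertificateFile).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType
}

# Constructed call using the paths from the Remote Front-End example.
# Set-SearchCertificatePath `
#     -WebConfig 'C:\Program Files\Coveo .NET Front-End 12\Web\web.config' `
#     -CertificateFile 'C:\Program Files\Coveo .NET Front-End 12\Web\Certificates\cert-iis.p12'
```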