Blog Post

Enterprise Data Services Community Blog
1 MIN READ

EV 10 hosting the Search Service using SSL/HTTPS

Nathan_Clark_2's avatar
13 years ago

 

1) Decide on a specific unused port to use for your SSL endpoint, i.e. 4567.

2) Bind your certificate to the port using netsh:

netsh http add sslcert ipport=0.0.0.0:4567 certstorename=MY certhash=<Cert Hash(sha1)> appid={<ANYGUID>}

http://stackoverflow.com/questions/537173/what-appid-should-i-use-with-netsh-exe

3) In the VAC, on the Advanced tab of the server properties, edit the "Search HTTP Service Port" setting to match your port above (e.g. 4567), and set the "Search HTTP Service Requires SSL" setting to On.  

4) Set EVIndexing Web site to use SSL. 

Restart the indexing service for the settings to take effect.  

 

I had issues with point 2) needed a MS hotfix (I think, as i needed a reboot)

http://support.microsoft.com/kb/981506

I did all this but still search failed Dtraced w3wp:

 

4,523 10:28:24.937 [1,880] (w3wp) <5696> EV:H WinHttpRequest::OnCallback. WINHTTP_CALLBACK_STATUS_REQUEST_ERROR - Result=5, Error=12175

12175 = ERROR_WINHTTP_SECURE_FAILURE (cert issues)

you can check this manually by pasting in the WCF endpoint of the search service in IE:

To find the endpoint check in EVIndexQueryServer  Dtrace:

(EVIndexQueryServer) <3064> EV-M {IndexServerSearchService} Search request on endpoint https://evfinkserver.aio.local:4567/enterprisevault/search/indexserversearchservice/authtoken/search

 

This gave me a cert error as my cert was bound on localhost and NOT evfinkserver.aio.local

Published 13 years ago
Version 1.0
No CommentsBe the first to comment