Enable stricter security – Google Search Appliance Connectors Administration Guide User Manual

(Linux / Unix systems):

java \

-Djava.util.logging.config.file=src/logging.properties \
-Djavax.net.ssl.keyStore=keys.jks \
-Djavax.net.ssl.keyStoreType=jks \
-Djavax.net.ssl.keyStorePassword= \
-Djavax.net.ssl.trustStore=

.jks

\

-Djavax.net.ssl.trustStoreType=jks \
-Djavax.net.ssl.trustStorePassword=changeit \
-classpath adaptor-name-4.0.3-withlib.jar \

com.google.enterprise.adaptor.name.NameAdaptor

Enable stricter security

Optionally, you can improve security by choosing stricter security features on the
Administration > SSL Settings page in the Admin Console, as described in the following
table. However, using any of these options require the connector to be configured for
security and have server.secure=true in its configuration.

Option

Setting

Description

Enable HTTP (non-SSL)
access for Feedergate

Uncheck

When this option is unchecked, only HTTPS
communications will be accepted by
feedergate. Connectors send document ids
to feedergate.

Enable Client Certificate
Authentication for
Feedergate

Check

When this option is checked, the Feedergate
SSL port (19902) only accepts connections
from IP addresses in the trusted IP
addresses list and clients who present a
valid x509 certificate when connecting. Valid
means that the certificate is signed by a
certificate in the CA keystore on the search
appliance (or a certificate in the certificate
chain).

Enable Server Certificate
Authentication

Check

When this option is checked, it is a
requirement for the crawler to authenticate
certificates presented by servers that
contain secure content.