How do I create an SSL certificate with the Java keytool to use within SearchBlox?

To set up an SSL certificate with the Java keytool and install it in SearchBlox, follow the steps below:

cd /opt/searchblox

# Create a keystore

jre/bin/keytool -genkey -alias searchblox -keyalg RSA -keystore etc/SBkeystore.jks -keysize 2048

# Create a signing request

jre/bin/keytool -certreq -alias searchblox -keystore etc/SBkeystore.jks -file searchblox.csr

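Fill in the details as required:

  • First name/last name is the CN (i.e., it must match the FQDN that users will browse to)
  • Choose a password

Have the CSR signed by your CA and bring back the signed certificate (crt/pem), then import the root, intermediate and server certificates: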

jre/bin/keytool -import -trustcacerts -alias rootca -file Root.crt -keystore etc/SBkeystore.jks -storepass <pass>

jre/bin/keytool -import -trustcacerts -alias intca -file Issue_CA.crt -keystore etc/SBkeystore.jks -storepass <pass>

jre/bin/keytool -import -alias searchblox -file searchblox.crt -keystore etc/SBkeystore.jks -storepass <pass>


Replace the jar version and the password with your own, then run:

cd /opt/searchblox/lib

java -cp jetty-util-9.3.6.v20151106.jar org.eclipse.jetty.util.security.Password <keystore password>

C:\SearchBloxServer>java -cp lib/jetty-util-9.3.6.v20151106.jar org.eclipse.jetty.util.security.Password <keystore password>

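This prints the OBF (obfuscated) and MD5 forms of the given password, which can be added to the sslContextFactory configuration, i.e. jetty-ssl-context.xml, as below. OBF is reversible obfuscation rather than a hash, so keep the file readable only by the account that runs SearchBlox.

Ensure etc/jetty-ssl-context.xml refers to the path of the new keystore and the obfuscated password from the previous step, e.g.: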

<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">

  <Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.keystore" default="etc/SBkeystore.jks"/></Set>

  <Set name="KeyStorePassword"><Property name="jetty.keystore.password" default="OBF:1r2t1ugg1wgg1unj1ik8sjshy7hsk1ing1uof1wfi1kjs7jr55"/></Set>

  <Set name="KeyManagerPassword"><Property name="jetty.keymanager.password" default="OBF:1r2ldskfjfj7d7hjejdkd9jdy20ec1ing1uof1wfi1uha1r55"/></Set>

  <Set name="TrustStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.truststore" default="etc/SBkeystore.jks"/></Set>

  <Set name="TrustStorePassword"><Property name="jetty.truststore.password" default="OBF:1r2t1ugg1wgg1udlkdkfjgjjg8duhjd7huha1r55"/></Set>

  <Set name="EndpointIdentificationAlgorithm"></Set>

  <Set name="ExcludeCipherSuites">



Please update start.d/ssl.ini with the same details.

jre/bin/java -server -jar start.jar --add-to-startd=https

nohup ./startSearchBlox &

SearchBlox will now be able to use the SSL certificate and serve up the search results from the specified secure port.
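
To confirm that the three import commands above left the signed certificate on the searchblox key entry, the following added example (not SearchBlox's or Jetty's own tooling) parses keytool -list -v output. The function name check_listing, the host name search.example.com and both listings are constructed for illustration.

```shell
#!/bin/sh
# Added example. check_listing ALIAS FQDN reads `keytool -list -v` output on stdin
# and returns 0 only if ALIAS is a PrivateKeyEntry, its chain is longer than the
# single self-signed certificate left by -genkey, and the leaf CN equals FQDN.
check_listing() {
    awk -v a="$1" -v fqdn="$2" '
        /^Alias name: /  { cur = substr($0, 13); owner_seen = 0 }
        cur != a         { next }
        /^Entry type: /  { type = substr($0, 13) }
        /^Certificate chain length: / { len = $4 + 0 }
        /^Owner: / && !owner_seen {   # first Owner line of the entry is the leaf
            owner_seen = 1
            n = split(substr($0, 8), rdn, /, */)
            for (i = 1; i <= n; i++) if (rdn[i] ~ /^CN=/) cn = substr(rdn[i], 4)
        }
        END {
            if (type != "PrivateKeyEntry") { print "FAIL: " a " is not a PrivateKeyEntry"; exit 1 }
            if (len < 2) { print "FAIL: " a " still holds only the self-signed certificate"; exit 1 }
            if (tolower(cn) != tolower(fqdn)) { print "FAIL: CN " cn " does not match " fqdn; exit 1 }
            print "OK: " a ", chain length " len ", CN=" cn
        }'
}

# Constructed, abridged listing (placeholder FQDN) after a correct import of all three files.
sample_signed() { cat <<'EOF'
Alias name: searchblox
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=search.example.com, OU=IT, O=Example, C=US
Issuer: CN=Example Issuing CA, O=Example, C=US
Certificate[2]:
Owner: CN=Example Issuing CA, O=Example, C=US
EOF
}

# Constructed, abridged listing of the same alias before the CA reply is imported.
sample_unsigned() { cat <<'EOF'
Alias name: searchblox
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=search.example.com, OU=IT, O=Example, C=US
Issuer: CN=search.example.com, OU=IT, O=Example, C=US
EOF
}

sample_signed   | check_listing searchblox search.example.com          # OK
sample_unsigned | check_listing searchblox search.example.com || true  # FAIL: self-signed
```

Against the real keystore, pipe the output of jre/bin/keytool -list -v -keystore etc/SBkeystore.jks -storepass <pass> into check_listing searchblox followed by the FQDN that users browse to.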


Additional Notes:

1) When creating or exporting the JKS, be sure to specify PKCS #12 format and not simply JKS format. Jetty requires PKCS #12.

2) If working with a SearchBlox cluster, specify all of the host names in the cluster as Subject Alternative Names (SANs) on the certificate. This lets you use the same certificate/JKS file for all machines in the cluster.
