Question by Jeff Hansen, Aug 15, 2016 11:55 AM

Does securing the admin service force the search service to use HTTPS?

We're using Coveo for Sitecore 4.0 and are having trouble load balancing some mirrors behind an F5 load balancer because the search service certificate is issued by the Coveo CA, which the F5 does not trust. We may not be able to add the Coveo CA to the list of trusted CAs for the F5.

  1. Did the fact that we secured the admin service during installation force the search service to use HTTPS?
  2. Can we turn HTTPS for the search service off and still have the admin service secured?
  3. And, what are the implications of turning off HTTPS for the search service?

1 Reply

Answer by Jean-François L'Heureux, Aug 15, 2016 12:59 PM

Hi Jeff,

  1. The Coveo Admin Service has nothing to do with the Coveo Search Service. The Coveo Search Service is by default in HTTPS and secured by the cert-iis.p12 certificate of the index folder.
  2. Yes, you can have the Coveo Admin Service secured and the Coveo Search Service unsecured. You can disable the SSL connection in the admin tool for each mirror, including the master (see Configuring the Search Web Service for a Mirror). If you do unsecure the Coveo Search Service in CES, you will need to adjust the Coveo Search API config.yml "server > uri" property value from HTTPS to HTTP. However, I really don't recommend this setup (see point #3).
  3. It's not recommended at all to run the Coveo Search Service unsecured. The reason is that this service allows user impersonation to execute the search queries on behalf of the visitor user identities. With security, you trust that the querying application with the certificate is handling security correctly and is using the logged-in user identity only. Without security, anyone would be able to send search queries impersonating anyone else (and enable anyone to access the CEO's private indexed documents, for example).

I hope this helps,

Jeff

Comment by Jeff Hansen, Aug 15, 2016 1:00 PM

Thanks, Jeff. That should give me what I need to move forward.
