SSL Sample Implementation

SSL Sample Implementation

A simple example demonstrates the configuration and startup of GemFire system components with SSL.

Provider-Specific Configuration File

This example uses a keystore created by the Java keytool application to provide the proper credentials to the provider. To create the keystore, we ran the following:
keytool -genkey \ 
-alias self \ 
-dname "CN=trusted" \ 
-validity 3650 \ 
-keypass password \ 
-keystore ./trusted.keystore \ 
-storepass password \ 
-storetype JKS 
This creates a ./trusted.keystore file to be used later. File

You can enable SSL in the file. In this example, SSL is enabled for all peer-to-peer, client/server, and HTTP connections. However, the jmx-manager-ssl=false override is added to disable SSL For JMX conenctiosn:

jmx-manager-ssl-enabled=false File

You can specify the provider-specific settings in file, which can then be secured by restricting access to this file. The following example configures the default JSSE provider settings included with the JDK.

Note that individual provider settings can also be overriden for client/server, JMX, or HTTP connections by setting the appropriate property here. See Configuring SSL.

Locator Startup

Before starting other system members, we started the locator with the SSL and provider-specific configuration settings. After properly configuring and, start the locator and provide the location of the properties files. If any of the password fields are left empty, you will be prompted to enter a password.
gfsh>start locator --name=my_locator --port=12345 \

Other Member Startup

Applications and cache servers can be started similarly to the locator startup, with the appropriate file and files placed in the current working directory. You can also pass in the location of both files as system properties on the command line. For example:
gfsh>start server --name=my_server \
--properties-file=/path/to/your/ \