Users see the error "Certificate is not recognized" when using SSL as they need to configure SSL. This article explains how to configure SSL.
When trying to enable SSL communication from a Gemfire Client to Gemfire Locators or Servers, the following exception is thrown: "Certificate is not recognized".
Note: We assume that the following steps were followed to set up SSL:
- Create a new a public and private key pair for the client;
- Export the self-signed certificate.
- Import the new self-signed certificate into the client side JRE key store at:
- Import the same certificate to gemfire8.keystore, which is being used by GemFire locator and server; and,
- When the client attempts to make a connection to the GemFire distributed system, the Fatal Exception that certificate is not recognized is thrown.
Additionally, we assume the following properties are configured:
The Java client uses the same GemFire properties as are used on the server side, so you should point the client to the key stores with the gfsecurity.properties file.
Do not use the "ssl-*" properties. They deprecated in favor of the "cluster-ssl-*" properties.
Since the locator is not a cache server, the "server-ssl-*" properties will never be used. However, you should set "cluster-ssl-require-authentication=false", so that your locator will not require authentication for clients connecting to it.
Once these changes are made, you should be able to create the ClientCache using:
ClientCache cache = new ClientCacheFactory().set("name", "GemClient")