Pivotal Knowledge Base

How to configure SSL for GemFire Java client?

Environment

Product Version
Pivotal GemFire 8.x

Purpose

This article describes how to configure SSL for a GemFire Java client.

Cause

Before configuring SSL for a GemFire Java client, you need to configure SSL for any GemFire cache servers or locators. These can be configured for SSL as shown in the "SSL Sample Implementation" section of the User's Guide; however, a sample for the client is not provided. GemFire provides a consistent way of configuring SSL for all Java-based GemFire components (cache servers, locators, clients, etc.), so you can generally configure SSL for Java clients in a similar manner to cache servers or locators. For additional clarity, this article focuses on how to configure SSL for Java clients.

Procedure

Follow these steps to configure SSL for a GemFire Java client, as in the sample implementation:

  1. Configure SSL for the cache servers (and locators, if you use them in your cluster).
  2. Decide how you want to set the SSL configuration parameters. There are several ways to do so: using GemFire's property files, using the GemFire Java API, or setting Java system properties. In this article, the parameters are set using GemFire's property files, which should be put in a directory specified by the CLASSPATH.
  3. Prepare the "gemfire.properties" file in an appropriate directory (in the CLASSPATH) and add the following parameter setting:
    cluster-ssl-enabled=true
  4. Prepare the "gfsecurity.properties" file in an appropriate directory (as specified by the CLASSPATH) and add, at least, the following parameters:

    cluster-ssl-keystore-type=jks
    cluster-ssl-keystore=/path/to/your/keystore
    cluster-ssl-keystore-password=<password for your keystore>
    cluster-ssl-truststore=/path/to/your/truststore
    cluster-ssl-truststore-password=<password for your truststore>

    Note: The keystore and truststore must contain the appropriate certificates (i.e. matching those installed on the cache servers and locators).
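
A pre-flight check for steps 3 and 4, as an added example that is not part of the original article or Pivotal's code: it loads the two property files, opens the keystore and truststore with the configured passwords, and rejects expired or not-yet-valid certificates. The class name GemfireSslPreflight, passing the file paths as arguments, and reusing cluster-ssl-keystore-type for the truststore are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Properties;

// Added example (hypothetical class, not Pivotal's code): checks the client SSL files.
public class GemfireSslPreflight {

    static Properties load(String path) throws Exception {
        Properties p = new Properties();
        try (InputStream in = new FileInputStream(path)) { p.load(in); }
        return p;
    }

    static String require(Properties p, String key) {
        String v = p.getProperty(key);
        if (v == null || v.isEmpty()) throw new IllegalStateException("missing " + key);
        return v;
    }

    // A wrong password, wrong store type or corrupt file fails inside load().
    static KeyStore open(String type, String path, String password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) { ks.load(in, password.toCharArray()); }
        return ks;
    }

    // Counts entries of the wanted kind; throws on expired or not-yet-valid certificates.
    static int count(KeyStore ks, boolean wantKeys) throws Exception {
        int n = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (wantKeys ? !ks.isKeyEntry(alias) : !ks.isCertificateEntry(alias)) continue;
            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate) ((X509Certificate) c).checkValidity();
            n++;
        }
        return n;
    }

    public static void main(String[] args) throws Exception {
        Properties gf = load(args[0]);   // path to gemfire.properties
        Properties sec = load(args[1]);  // path to gfsecurity.properties
        if (!"true".equals(require(gf, "cluster-ssl-enabled")))
            throw new IllegalStateException("cluster-ssl-enabled is not true");
        // Assumption: the truststore uses the same store type as the keystore.
        String type = sec.getProperty("cluster-ssl-keystore-type", "jks").trim();
        KeyStore keys = open(type, require(sec, "cluster-ssl-keystore"), require(sec, "cluster-ssl-keystore-password"));
        KeyStore trust = open(type, require(sec, "cluster-ssl-truststore"), require(sec, "cluster-ssl-truststore-password"));
        System.out.println("keystore private-key entries: " + count(keys, true));
        if (count(trust, false) == 0) throw new IllegalStateException("truststore has no trusted certificates");
        System.out.println("truststore contains trusted certificates; both stores open with the configured passwords");
    }
}
```

The check does not compare the certificates with those installed on the cache servers and locators, so that match still has to be confirmed separately.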

Additional Information

  • You can change the path and name of GemFire's property files by specifying Java system properties (gemfirePropertyFile and gemfireSecurityPropertyFile), like the following, when you execute your GemFire Java client application:
    -DgemfirePropertyFile=/path/to/myGemfire.properties
    -DgemfireSecurityPropertyFile=/where/to/myGfsecurity.properties

    (In this case, the name of the GemFire property file is changed from the default, "gemfire.properties", to "myGemfire.properties", and the file is located under the "/path/to" directory. Similarly, the name of the GemFire security property file is changed from the default, "gfsecurity.properties", to "myGfsecurity.properties", and the file is located under the "/where/to" directory.)

  • Related KB: Choose correct type to config the ssl setting for gfsh or Native Client
  • Related KB: Seeing the error: "Certificate is not recognized" when using SSL
