Implementing SSL

You can use SSL alone or in conjunction with the other GemFire security options.

You configure SSL for mutual authentication between members and to protect your data during distribution. If configured, SSL is used for all stream-socket communication. GemFire uses SSL connections from the Java Secure Sockets Extension (JSSE) package.
  1. Make sure your Java installation includes the JSSE API and familiarize yourself with its use. For information, see the Oracle JSSE website.
  2. Configure your security provider:
    1. Specify the SSL provider in the lib/security/ file under your JRE home directory. Indicate the providers you are using for your certificate, protocol, and cipher suites. Your Java installation should include information on how to modify this file. The security file is usually self-documenting.
    2. Specify provider-required configuration settings. These are usually keystore and truststore configurations. Your provider documentation should include specific configuration requirements. You can add these configurations in a separate, restricted-access file.
  3. Configure your distributed system members for SSL:
    1. Use locators for member discovery within the distributed systems and for client discovery of servers. See Configuring Peer-to-Peer Discovery and Configuring a Client/Server System.
    2. Configure all system members for SSL communication. See SSL properties (ssl-*) in and (GemFire Properties). In, set:
      To use SSL for mutual authentication, in, set:
      and set ssl-ciphers to one of these three lines:
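
The following Java program is an added example, not part of the GemFire documentation, and it does not supply the property values the steps above refer to. It is a pre-flight check for steps 1 and 2: it confirms the configured keystore and truststore load, lists which installed providers offer an SSLContext, and flags weak cipher suites among the JSSE defaults before you choose a value for ssl-ciphers. It assumes the stores are passed through the standard JSSE system properties (`javax.net.ssl.keyStore`, `javax.net.ssl.trustStore` and their `Password`/`Type` variants); the class name `JssePreflight` is hypothetical.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.net.ssl.*;

// Added example: pre-flight check of the JSSE setup before enabling SSL on members.
public class JssePreflight {
    // Name fragments of suites with no encryption, no authentication, or obsolete algorithms.
    static final String[] WEAK = {"_NULL_", "_anon_", "_EXPORT_", "_RC4_", "_DES_", "_3DES_", "_MD5"};

    static boolean isWeak(String suite) {
        for (String w : WEAK) if (suite.contains(w)) return true;
        return false;
    }

    // Loads the store named by javax.net.ssl.<kind> and prints each certificate's expiry date.
    static void checkStore(String kind) throws Exception {
        String path = System.getProperty("javax.net.ssl." + kind);
        if (path == null) { System.out.println(kind + ": not set"); return; }
        String pw = System.getProperty("javax.net.ssl." + kind + "Password", "");
        String type = System.getProperty("javax.net.ssl." + kind + "Type", KeyStore.getDefaultType());
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, pw.toCharArray()); // throws on a wrong password or a corrupt file
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.getCertificate(alias) instanceof X509Certificate) {
                X509Certificate c = (X509Certificate) ks.getCertificate(alias);
                System.out.printf("%s %s: %s expires %s%n", kind, alias, c.getSubjectX500Principal().getName(), c.getNotAfter());
            }
        }
    }

    public static void main(String[] args) throws Exception {
        checkStore("keyStore");   // checked first so a bad store fails with a clear error
        checkStore("trustStore");
        for (Provider p : Security.getProviders())
            for (Provider.Service s : p.getServices())
                if (s.getType().equals("SSLContext"))
                    System.out.println("provider " + p.getName() + " offers " + s.getAlgorithm());
        SSLParameters def = SSLContext.getDefault().getDefaultSSLParameters();
        System.out.println("enabled protocols: " + Arrays.toString(def.getProtocols()));
        for (String suite : def.getCipherSuites())
            System.out.println((isWeak(suite) ? "WEAK " : "ok   ") + suite);
    }
}
```

Run it with the same JRE and the same `-Djavax.net.ssl.*` options the member will use, so the output reflects that member's actual provider and store configuration.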