You can use SSL alone or in conjunction with the other GemFire security options.
You configure SSL for mutual authentication between members and to protect your data during
distribution. If configured, SSL is used for all stream-socket communication.
GemFire uses SSL connections from the Java Secure Sockets Extension (JSSE) package.
- Make sure your Java installation includes the JSSE API and familiarize yourself with its use. For information, see the Oracle JSSE website http://www.oracle.com/technetwork/java/javase/tech/index-jsp-136007.html.
- Configure your security provider:
  - Specify the SSL provider in the lib/security/java.security file under your JRE home directory. Indicate the providers you are using for your certificate, protocol, and cipher suites. Your Java installation should include information on how to modify this file. The security file is usually self-documenting.
  - Specify provider-required configuration settings. These are usually keystore and truststore configurations. Your provider documentation should include specific configuration requirements. You can add these configurations in a separate, restricted-access gfsecurity.properties file.
- Configure your distributed system members for SSL:
  - Use locators for member discovery within the distributed systems and for client discovery of servers. See Configuring Peer-to-Peer Discovery and Configuring a Client/Server System.
  - Configure all system members for SSL communication. See SSL properties (ssl-*) in gemfire.properties and gfsecurity.properties (GemFire Properties).
In gemfire.properties, set:
To use SSL
for mutual authentication, in gemfire.properties,
ssl-ciphers to one of these three lines:
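
Apart from the settings listed above, the following is an added example (not part of the GemFire documentation) that audits a member's two property files against the steps in this procedure: SSL enabled with mutual authentication, keystore and truststore configured, and secrets kept in a restricted-access gfsecurity.properties. The property names `ssl-enabled`, `ssl-require-authentication`, and the `javax.net.ssl.*` store keys are assumptions not listed on this page, and the sample file contents are constructed.

```python
import os
import re
import stat
import tempfile

# Assumed names (not listed on the page): GemFire ssl-* keys and JSSE store properties.
REQUIRED = {"ssl-enabled": "true", "ssl-require-authentication": "true"}
STORES = ("javax.net.ssl.keyStore", "javax.net.ssl.trustStore")

def load_properties(path):
    """Parse key=value / key:value lines, skipping blanks and #/! comments."""
    props = {}
    with open(path, encoding="latin-1") as fh:
        for raw in fh:
            line = raw.strip()
            if line and line[0] not in "#!":
                parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
                props[parts[0]] = parts[1] if len(parts) == 2 else ""
    return props

def audit(gemfire_path, gfsecurity_path):
    """Return a list of findings for the two property files."""
    gf, sec = load_properties(gemfire_path), load_properties(gfsecurity_path)
    findings = []
    for key, want in REQUIRED.items():
        if gf.get(key, "").lower() != want:
            findings.append(f"gemfire.properties: {key} is not {want}")
    for key in STORES:
        if not sec.get(key) and not gf.get(key):
            findings.append(f"{key} is not set in either file")
    for key in gf:
        if "password" in key.lower():
            findings.append(f"gemfire.properties: move {key} to gfsecurity.properties")
    mode = stat.S_IMODE(os.stat(gfsecurity_path).st_mode)
    if mode & 0o077:  # any group or other permission bit set
        findings.append(f"gfsecurity.properties: mode {mode:o} is accessible beyond the owner")
    return findings

def demo():
    """Run the audit on constructed sample files in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        gf, sec = os.path.join(d, "gemfire.properties"), os.path.join(d, "gfsecurity.properties")
        with open(gf, "w") as fh:  # constructed sample: authentication off, password misplaced
            fh.write("ssl-enabled=true\nssl-require-authentication=false\n"
                     "javax.net.ssl.keyStorePassword=changeit\n")
        with open(sec, "w") as fh:  # constructed sample: truststore missing
            fh.write("javax.net.ssl.keyStore=/path/to/keystore.jks\n")
        os.chmod(sec, 0o644)  # world-readable on purpose
        return audit(gf, sec)

if __name__ == "__main__":
    print("\n".join(demo()))
```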