Implementing SSL

You can use SSL alone or in conjunction with the other GemFire security options.

You configure SSL for mutual authentication between members and to protect your data during distribution. If configured, SSL is used for all stream-socket communication. GemFire uses SSL connections from the Java Secure Sockets Extension (JSSE) package.
  1. Make sure your Java installation includes the JSSE API and familiarize yourself with its use. For information, see the Oracle JSSE website http://www.oracle.com/technetwork/java/javase/tech/index-jsp-136007.html.
  2. Configure your security provider:
    1. Specify the SSL provider in the lib/security/java.security file under your JRE home directory. Indicate the providers you are using for your certificate, protocol, and cipher suites. Your Java installation should include information on how to modify this file, and the file itself is usually self-documenting.
    2. Specify provider-required configuration settings. These are usually keystore and truststore configurations. Your provider documentation should include specific configuration requirements. You can add these configurations in a separate, restricted-access gfsecurity.properties file.
  3. Configure your distributed system members for SSL:
    1. Use locators for member discovery within the distributed system and for client discovery of servers. See Configuring Peer-to-Peer Discovery and Configuring a Client/Server System.
    2. Configure all system members for SSL communication. See SSL properties (ssl-*) in gemfire.properties and gfsecurity.properties (GemFire Properties). In gemfire.properties, set:
      ssl-enabled=true
      ssl-protocols=any
      To use SSL for mutual authentication, in gemfire.properties, set:
      ssl-require-authentication=true
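      and set ssl-ciphers to one of these three lines (these are NULL cipher suites: they authenticate the peers and integrity-check the traffic but do not encrypt it):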
      ssl-ciphers=SSL_RSA_WITH_NULL_SHA
      ssl-ciphers=SSL_RSA_WITH_NULL_MD5
      ssl-ciphers=SSL_RSA_WITH_NULL_MD5 SSL_RSA_WITH_NULL_SHA
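
The following is an added example, not GemFire code: a small audit of the ssl-* properties named in step 3, run over a constructed gemfire.properties sample. The function names and the finding texts are assumptions of this example, and it reports only what the file sets explicitly.

```python
import re

# Constructed sample: the settings this page lists for mutual authentication.
SAMPLE = """\
# gemfire.properties (constructed sample)
ssl-enabled=true
ssl-protocols=any
ssl-require-authentication=true
ssl-ciphers=SSL_RSA_WITH_NULL_MD5 SSL_RSA_WITH_NULL_SHA
"""

def parse_properties(text):
    """Minimal .properties reader: key=value or key:value; # and ! start comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        props[parts[0]] = parts[1] if len(parts) == 2 else ""
    return props

def audit_ssl(props):
    """Return findings about what the file sets explicitly (defaults are not assumed)."""
    findings = []
    if props.get("ssl-enabled", "").lower() != "true":
        findings.append("ssl-enabled is not set to true in this file")
    if props.get("ssl-require-authentication", "").lower() != "true":
        findings.append("ssl-require-authentication is not set to true in this file")
    if props.get("ssl-protocols", "").lower() == "any":
        findings.append("ssl-protocols=any: version is left to what the JSSE provider enables")
    # The page separates multiple suites with spaces, so split on whitespace.
    for suite in props.get("ssl-ciphers", "").split():
        if "_NULL_" in suite.upper():
            findings.append(suite + ": NULL suite, authenticated and integrity-checked but not encrypted")
    return findings

if __name__ == "__main__":
    for finding in audit_ssl(parse_properties(SAMPLE)):
        print("WARN", finding)
```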