SSL Sample Implementation

A simple example demonstrates the configuration and startup of GemFire system components with SSL.

Provider-Specific Configuration File

This example uses a keystore created by the Java keytool application to provide the proper credentials to the provider. To create the keystore, we ran the following:
keytool -genkey \ 
-alias self \ 
-dname "CN=trusted" \ 
-validity 3650 \ 
-keypass password \ 
-keystore ./trusted.keystore \ 
-storepass password \ 
-storetype JKS 
This creates a ./trusted.keystore file to be used later. File

You can enable SSL in the file:

locators=<hostaddress>[<port>] File

You can specify the provider-specific settings in file, which can then be secured by restricting access to this file. The following example configures the default JSSE provider settings included with the JDK.

Locator Startup

Before starting other system members, we started the locator with the SSL and provider-specific configuration settings. After placing the properly configured and files in the current working directory, start the locator as usual. If any of the password fields are left empy, you will be prompted to enter a password.
gemfire start-locator -port=[port]

Other Member Startup

Applications and cacheservers can be started similarly to the locator startup, with the appropriate file and files placed in the current working directory. You can also pass in the location of both files as system properties on the command line. For example:
cacheserver start -J-DgemfirePropertyFile=D:\gfeserver\