SSL Sample Implementation

A simple example demonstrates the configuration and startup of GemFire system components with SSL.

Provider-Specific Configuration File

This example uses a keystore created by the Java keytool application to provide the proper credentials to the provider. To create the keystore, we ran the following:
keytool -genkey \
-alias self \
-dname "CN=trusted" \
-validity 3650 \
-keypass password \
-keystore ./trusted.keystore \
-storepass password \
-storetype JKS
This creates a ./trusted.keystore file to be used later.

gemfire.properties File

You can enable SSL in the gemfire.properties file:

ssl-enabled=true
mcast-port=0
locators=<hostaddress>[<port>]

gfsecurity.properties File

You can specify the provider-specific settings in the gfsecurity.properties file, which can then be secured by restricting access to it. The following example configures the default JSSE provider settings included with the JDK.
javax.net.ssl.keyStoreType=jks
javax.net.ssl.keyStore=/path/to/trusted.keystore
javax.net.ssl.keyStorePassword=password
javax.net.ssl.trustStore=/path/to/trusted.keystore
javax.net.ssl.trustStorePassword=
security-username=xxxx
security-userPassword=yyyy

Locator Startup

Before starting other system members, we started the locator with the SSL and provider-specific configuration settings. After placing the properly configured gemfire.properties and gfsecurity.properties files in the current working directory, start the locator as usual. If any of the password fields are left empty, you will be prompted to enter a password.
gemfire start-locator -port=[port]
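
An added example, not part of the GemFire documentation or product: a POSIX shell check for two points made above, that gfsecurity.properties should be access-restricted and that an empty password field leads to a prompt at startup. The function names are hypothetical, and it assumes Unix file modes and that the keystore should get the same owner-only permissions as the properties file.

```shell
# Added example: audit gfsecurity.properties (hypothetical helper names).
# Assumes POSIX file modes as printed by ls -l.

# Print the group/other permission bits of a file, e.g. "r--r--" or "------".
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# Print one finding per line for the given properties file.
audit_gfsecurity() {
    file=$1
    [ -f "$file" ] || { echo "MISSING $file"; return 0; }

    # The file can hold passwords, so only its owner should have access.
    [ "$(group_other_bits "$file")" = "------" ] ||
        echo "PERMS $file is accessible to group/other (chmod 600)"

    # Empty password value: prompted at startup. Non-empty: cleartext on disk.
    grep -v '^[[:space:]]*#' "$file" | grep -i 'password[[:space:]]*=' |
    while IFS='=' read -r key value; do
        key=$(printf '%s' "$key" | tr -d '[:space:]')
        value=$(printf '%s' "$value" | tr -d '[:space:]')
        if [ -z "$value" ]; then
            echo "PROMPT $key is empty, so startup prompts for it"
        else
            echo "STORED $key is in cleartext in $file"
        fi
    done

    # Assumption: the keystore (private key) gets the same owner-only check.
    ks=$(sed -n 's/^javax\.net\.ssl\.keyStore=//p' "$file" | tr -d '[:space:]')
    if [ -n "$ks" ] && [ -f "$ks" ]; then
        [ "$(group_other_bits "$ks")" = "------" ] ||
            echo "PERMS $ks is accessible to group/other (chmod 600)"
    fi
}

# Usage: sh audit.sh /path/to/gfsecurity.properties
if [ "$#" -gt 0 ]; then audit_gfsecurity "$1"; fi
```

Run it against the file before starting the locator; no output means the file and keystore are owner-only and no password properties are present.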

Other Member Startup

Applications and cacheservers can be started similarly to the locator startup, with the appropriate gemfire.properties and gfsecurity.properties files placed in the current working directory. You can also pass in the location of both files as system properties on the command line. For example:
cacheserver start -J-DgemfirePropertyFile=D:\gfeserver\gemfire.properties -J-DgemfireSecurityPropertyFile=D:\gfeserver\gfsecurity.properties