A correction is needed here, this seems to actually work. The catch is that if a JmxOperationInvoker is created from a client with a “ssl- enabled-components” scope broader than the one defined on the locators and servers, it seems to override it “cluster” scope. Is this behavior expected?
On Thu, 2019-09-26 at 19:21 +0000, Mario Kevo wrote: > Hi geode dev, > > We would need to clarify the meaning of some ssl configuration > parameters. When the flag “ssl-enabled-components” is set to > “cluster”, > our understanding is that this means geode would enforce SSL only > between members of the same distributedSystem (same site). This would > imply that communication between sites (gateway communication and > site2site locator communication) wouldn’t be encrypted with ssl? Is > this understanding correct? > > If so, the behavior seems to differ: locator2locator communication > between 2 sites/distributed systems fails if their certificates > aren’t > properly configured, meaning that ssl is still enforced in that > communication. > > Thanks, > Mario