Re: ssl configuration parameters

2019-09-27 Thread Mario Kevo
A correction is needed here, this seems to actually work. The catch is
that if a JmxOperationInvoker is created from a client with a
“ssl-enabled-components” scope broader than the one defined on the locators
and servers, it seems to override the “cluster” scope. Is this behavior
expected?
 

On Thu, 2019-09-26 at 19:21 +, Mario Kevo wrote:
> Hi geode dev,
>  
> We would need to clarify the meaning of some ssl configuration
> parameters. When the flag “ssl-enabled-components” is set to “cluster”,
> our understanding is that this means geode would enforce SSL only
> between members of the same distributedSystem (same site). This would
> imply that communication between sites (gateway communication and
> site2site locator communication) wouldn’t be encrypted with ssl? Is
> this understanding correct?
>  
> If so, the behavior seems to differ: locator2locator communication
> between 2 sites/distributed systems fails if their certificates aren’t
> properly configured, meaning that ssl is still enforced in that
> communication.
> 
> Thanks,
> Mario


ssl configuration parameters

2019-09-26 Thread Mario Kevo
Hi geode dev,
 
We would need to clarify the meaning of some ssl configuration
parameters. When the flag “ssl-enabled-components” is set to “cluster”,
our understanding is that this means geode would enforce SSL only
between members of the same distributedSystem (same site). This would
imply that communication between sites (gateway communication and
site2site locator communication) wouldn’t be encrypted with ssl? Is
this understanding correct?
 
If so, the behavior seems to differ: locator2locator communication
between 2 sites/distributed systems fails if their certificates aren’t
properly configured, meaning that ssl is still enforced in that
communication.

Thanks,
Mario