Thanks Udo, Sai. But as per documentation this property ssl-require-authentication is only applicable to cluster members.

*ssl-require-authentication* Requires two-way authentication, applies to all components except web. Boolean - if true (the default), two-way authentication is required

https://geode.apache.org/docs/guide/15/managing/security/implementing_ssl.html

And there is one more doubt regarding newly introduced ssl property.

ssl-endpoint-identification-enabled causes clients to validate server hostname using server certificate

Is this applicable to both client and servers for hostname verification?

Thanks,
Ashish

On Fri, Dec 21, 2018, 11:20 PM Udo Kohlmeyer <[email protected]> wrote:

> Ashish,
>
> As Sai has stated...
>
> In Geode:
>
> - ssl-require-authentication=false -> Client authenticate Server SSL key
> - ssl-require-authentication=true -> Client authenticate Server SSL key AND Server authenticate Client SSL key
>
> --Udo
>
> On 12/21/18 08:25, Sai Boorlagadda wrote:
>
> It is *mutual auth*. Both server and client validate either's key.
> I should have mentioned "in addition to...."
>
> Sai
>
> On Fri, Dec 21, 2018 at 7:54 AM aashish choudhary <[email protected]> wrote:
>
>> So it's not mutual authentication? Both the parties are not validating
>> each other only server is validating client's key if my understanding is
>> correct.
>>
>> With best regards,
>> Ashish
>>
>> On Fri, Dec 21, 2018, 1:29 AM Sai Boorlagadda <[email protected]> wrote:
>>
>>> Hello Aashish,
>>>
>>> When ssl-require-authentication is set, it allows servers to validate
>>> client's public key, which also requires you to include the CA in server's
>>> trust store using which client public key is signed.
>>>
>>> Sai
>>>
>>> On Thu, Dec 20, 2018, 10:43 AM aashish choudhary <[email protected]> wrote:
>>>
>>>> We wanted to implement two way ssl with geode and needed some
>>>> understanding on ssl property ssl-require-authentication. As per docs
>>>> *ssl-require-authentication* Requires two-way authentication, applies
>>>> to all components except web. Boolean - if true (the default), two-way
>>>> authentication is required.
>>>> So if we set this as true it will only verify the trust chain or some
>>>> public key stuff for both client and server will get verified in this
>>>> authentication.
>>>>
>>>> Thanks,
>>>> Ashish
