The Java client uses the same gemfire properties you are using on the server side. So point your client at the keystores with the *gfsecurity.properties* file.

I would not use "ssl-*" properties. They are all deprecated in favor of "cluster-ssl-*".

Having this in your locator properties seems wrong:

*server-ssl-require-authentication=false*

Since your locator is not a cache server the "server-ssl-*" properties would never be used in it. Perhaps you wanted it to also be "cluster-ssl-require-authentication=false" so that your locator would not require authentication of clients connecting to it.

On Sun, Oct 18, 2015 at 10:33 AM, Nikhil Chandrappa <[email protected]> wrote:

> Hi,
>
> I am trying to enable the SSL communication from Gemfire Client to Gemfire locator/Server. However, I am getting an exception that "Certificate is not recognized".
>
> Steps:
>
> 1. I have created a new public and private key pair for the client
> 2. Exported the self signed certificate
> 3. Imported the new self signed certificate to client side JRE keystore at
>    /Library/Java/JavaVirtualMachines/jdk1.8.0_45.jdk/Contents/Home/jre/lib/security/cacerts
> 4. Imported the same certificate to gemfire8.keystore which is being used by Gemfire locator and server.
> 5. When I start the client to make a connection to Gemfire, I receive a Fatal Exception that certificate is not recognized
>
> I was wondering if there is any property to specify the keystore to be used at the client side.
>
> I searched the documentation but couldn't find any information for client side configurations. It would be great if anyone can point me to SSL configurations needed for Gemfire client.
>
> For reference, following are properties that I am using -
>
> *gemfire-server.properties*
>
> mcast-port=0
> locators=localhost[10334]
> log-level=config
> cache-xml-file=../config/server-cache.xml
> statistic-sampling-enabled=true
> statistic-sample-rate=1000
> statistic-archive-file=myStatisticsArchiveFile.gfs
> enable-time-statistics=false
> *jmx-manager-ssl-enabled=false*
> *cluster-ssl-enabled=true*
> *cluster-ssl-require-authentication=false*
>
> *gfsecurity.properties*
>
> cluster-ssl-keystore=/Users/nchandrappa/Documents/gemfire/security/gemfire8.keystore
> cluster-ssl-keystore-password=password
> cluster-ssl-truststore=/Users/nchandrappa/Documents/gemfire/security/gemfire8.keystore
> cluster-ssl-truststore-password=password
>
> *locator.properties*
>
> mcast-port=0
> log-level=config
> locators=localhost[10334]
> *cluster-ssl-enabled=true*
> *server-ssl-require-authentication=false*
>
> *gemfire-client.properties*
>
> mcast-port=0
> log-level=config
> log-file=gemClient.log
> *ssl-enabled=true*
>
> Thanks,
> Nikhil Chandrappa
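
An added example, not part of the thread and not GemFire code: a small Python linter that applies the three points of the reply (deprecated "ssl-*" keys, "server-ssl-*" keys in a locator, SSL enabled with no keystore or truststore) to the property sets quoted above. The role names, the rule wording and the merging of each member's properties with gfsecurity.properties are assumptions made for illustration.

```python
# Added example: lint GemFire member properties against the advice in the reply.
# Constructed sample input: the SSL-related properties quoted in the thread,
# merged per member (assumption: locator and server both load gfsecurity.properties).
SECURITY = """
cluster-ssl-keystore=/Users/nchandrappa/Documents/gemfire/security/gemfire8.keystore
cluster-ssl-keystore-password=password
cluster-ssl-truststore=/Users/nchandrappa/Documents/gemfire/security/gemfire8.keystore
cluster-ssl-truststore-password=password
"""
MEMBERS = {
    "locator": "cluster-ssl-enabled=true\nserver-ssl-require-authentication=false\n" + SECURITY,
    "server": "cluster-ssl-enabled=true\ncluster-ssl-require-authentication=false\n" + SECURITY,
    "client": "mcast-port=0\n*ssl-enabled=true*\n",
}

def parse(text):
    """Parse key=value lines, dropping blanks, comments and the mail's *bold* markers."""
    props = {}
    for line in text.splitlines():
        line = line.strip().strip("*").strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def lint(role, props):
    """Return findings for one member; role is 'locator', 'server' or 'client'."""
    findings = []
    for key in props:
        if key.startswith("ssl-"):
            findings.append(f"{key}: deprecated, use cluster-{key}")
        if role == "locator" and key.startswith("server-ssl-"):
            findings.append(f"{key}: server-ssl-* is not used by a locator")
    ssl_on = any(k.endswith("ssl-enabled") and v.lower() == "true" for k, v in props.items())
    for suffix in ("ssl-keystore", "ssl-truststore"):
        # endswith() skips the *-password keys, so only the store paths count.
        if ssl_on and not any(k.endswith(suffix) for k in props):
            findings.append(f"SSL enabled but no *-{suffix} is set for this member")
    return findings

def lint_all(members=MEMBERS):
    return {role: lint(role, parse(text)) for role, text in members.items()}

if __name__ == "__main__":
    for role, findings in lint_all().items():
        print(role, findings or "ok")
```
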
