Darrel,

Thank you for responding to my questions.

As you suggested I made "cluster-ssl-require-authentication=false" in my
locator and server properties which prevents the need of authenticating the
client by the locators.

Actually, I was not aware that you could use the same ssl properties at
client side also. Right now, I am creating ClientCache using

    ClientCache cache = new ClientCacheFactory().set("name", "GemClient")
        .set("log-level", "info")
        .set("cluster-ssl-enabled", "true")
        .set("cache-xml-file", "gemfire/config/clientCache.xml").create();

SSL connection is getting created and client is not getting authenticated
which was the behavior I was looking for.
Thanks,
Nikhil

On Sun, Oct 18, 2015 at 6:40 PM, Darrel Schneider <[email protected]>
wrote:

> The java client uses the same gemfire properties you are using on the
> server side. So point your client to the keystores with the
> *gfsecurity.properties* file.
> I would not use "ssl-*" properties. They are all deprecated in favor of
> "cluster-ssl-*".
> Having this in your locator properties seems wrong:
> *server-ssl-require-authentication=false*
> Since your locator is not a cache server the "server-ssl-*" properties
> would never be used in it.
> Perhaps you wanted it to also be
> "cluster-ssl-require-authentication=false" so that your locator would not
> require authentication of clients connecting to it.
>
> On Sun, Oct 18, 2015 at 10:33 AM, Nikhil Chandrappa <
> [email protected]> wrote:
>
>> Hi,
>>
>> I am trying to enable the SSL communication from Gemfire Client to
>> Gemfire locator/Server. However, I am getting an exception that
>> "Certificate is not recognized".
>>
>> Steps:
>>
>>
>>    1. I have created a new public and private key pair for the client
>>    2. Exported the self signed certificate
>>    3. Imported the new self signed certificate to client side JRE
>>    keystore at
>>    /Library/Java/JavaVirtualMachines/jdk1.8.0_45.jdk/Contents/Home/jre/lib/security/cacerts
>>    4. Imported the same certificate to gemfire8.keystore which is being
>>    used by Gemfire locator and server.
>>    5. When I start the client to make a connection to Gemfire, I receive
>>    a Fatal Exception that certificate is not recognized
>>
>> I was wondering if there is any property to specify the keystore to be
>> used at the client side.
>>
>> I searched the documentation but couldn't find any information for client
>> side configurations. It would be great if anyone can point me to SSL
>> configurations needed for Gemfire client.
>>
>> For reference, following are properties that I am using -
>>
>> *gemfire-server.properties*
>>
>> mcast-port=0
>> locators=localhost[10334]
>> log-level=config
>> cache-xml-file=../config/server-cache.xml
>> statistic-sampling-enabled=true
>> statistic-sample-rate=1000
>> statistic-archive-file=myStatisticsArchiveFile.gfs
>> enable-time-statistics=false
>> *jmx-manager-ssl-enabled=false*
>> *cluster-ssl-enabled=true*
>> *cluster-ssl-require-authentication=false*
>>
>> *gfsecurity.properties*
>>
>>
>> cluster-ssl-keystore=/Users/nchandrappa/Documents/gemfire/security/gemfire8.keystore
>> cluster-ssl-keystore-password=password
>>
>> cluster-ssl-truststore=/Users/nchandrappa/Documents/gemfire/security/gemfire8.keystore
>> cluster-ssl-truststore-password=password
>>
>> *locator.properties*
>>
>> mcast-port=0
>> log-level=config
>> locators=localhost[10334]
>>
>> *cluster-ssl-enabled=true*
>> *server-ssl-require-authentication=false*
>>
>> *gemfire-client.properties*
>>
>> mcast-port=0
>> log-level=config
>> log-file=gemClient.log
>> *ssl-enabled=true*
>>
>> Thanks,
>> Nikhil Chandrappa
>>
>>
>>
>
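
A small check for the two property mistakes pointed out in this thread (deprecated "ssl-*" keys, and "server-ssl-*" keys in a locator), as an added example that is not part of the original emails or of GemFire. The function names, role labels and finding labels are invented for this example; the sample inputs are the locator and client property files quoted above.

```python
# Added example: lint GemFire property text for the mistakes discussed in this thread.
# Role labels and finding labels are invented for this example.

def parse_properties(text):
    """Parse key=value lines, tolerating '#' comments and the mail's *bold* markers."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip().strip("*").strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def lint_properties(role, text):
    """Return (kind, key, suggested_key) tuples; role is 'locator', 'server' or 'client'."""
    findings = []
    for key, value in parse_properties(text).items():
        if key.startswith("ssl-"):
            # "ssl-*" is deprecated in favor of "cluster-ssl-*".
            findings.append(("deprecated", key, "cluster-" + key))
        elif key.startswith("server-ssl-") and role == "locator":
            # A locator is not a cache server, so "server-ssl-*" is never used in it.
            findings.append(("unused", key, "cluster-" + key[len("server-"):]))
        elif key == "cluster-ssl-require-authentication" and value.lower() == "false":
            # Not an error: this member will not require authentication of
            # clients connecting to it. Reported so the choice is visible.
            findings.append(("no-peer-auth", key, None))
    return findings

# Property files as quoted in the thread.
LOCATOR = """mcast-port=0
log-level=config
locators=localhost[10334]

*cluster-ssl-enabled=true*
*server-ssl-require-authentication=false*
"""
CLIENT = """mcast-port=0
log-level=config
log-file=gemClient.log
*ssl-enabled=true*
"""

if __name__ == "__main__":
    for role, text in (("locator", LOCATOR), ("client", CLIENT)):
        for kind, key, suggestion in lint_properties(role, text):
            print(f"{role}: {kind}: {key}" + (f" -> {suggestion}" if suggestion else ""))
```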
