Hi Nikhil,
Is you client able to connect to the server?
If not,could you please try by setting below properties and send us the
client log.
ClientCache cache = new ClientCacheFactory().set("name", "GemClient")
.set("log-level", "config")
.set("cluster-ssl-enabled","true")
.set("cluster-ssl-require-authentication","false")
.set("cluster-ssl-ciphers","any")
.set("cluster-ssl-keystore","/Users/nchandrappa/Documents/gemfire/security/gemfire8.keystore")
.set("cluster-ssl-keystore-password","password")
.set("cluster-ssl-truststore","/Users/nchandrappa/Documents/gemfire/security/gemfire8.keystore")
.set("cluster-ssl-truststore-password","password")
.set("cache-xml-file","gemfire/config/clientCache.xml").create();
Thanks and Regards,
Shuvro Das
On Mon, Oct 19, 2015 at 6:15 AM, Nikhil Chandrappa <[email protected]>
wrote:
> Darrel,
>
> Thank you responding to my questions.
>
> As you suggested I made "cluster-ssl-require-authentication=false" in my
> locator and server properties which prevents the need of authenticating the
> client by the locators.
>
> Actually, I was not aware that you could use the same ssl properties at
> client side also. Right now, I am creating ClientCache using
>
> ClientCache cache = new ClientCacheFactory().set("name", "GemClient")
>
> .set("log-level", "info")
>
> .set("cluster-ssl-enabled", "true")
>
> .set("cache-xml-file","gemfire/config/clientCache.xml").create();
>
> SSL connection is getting created and client is not getting authenticated
> which was the behavior I was looking for.
> Thanks,
> Nikhil
>
> On Sun, Oct 18, 2015 at 6:40 PM, Darrel Schneider <[email protected]>
> wrote:
>
>> The java client uses the same gemfire properties you are suing on the
>> server side. So point you client on the keystores with the
>> *gfsecurity.properties
>> *file.
>> I would not use "ssl-*" properties. They are all deprecated in favor of
>> "cluster-ssl-*".
>> Having this in your locator properties seems wrong:
>> *server-ssl-require-authentication=false*
>> Since your locator is not a cache server the "server-ssl-*" properties
>> would never be used in it.
>> Perhaps you wanted it to also be
>> "cluster-ssl-require-authentication=false" so that your locator would not
>> require authentication of clients connecting to it.
>>
>> On Sun, Oct 18, 2015 at 10:33 AM, Nikhil Chandrappa <
>> [email protected]> wrote:
>>
>>> Hi,
>>>
>>> I am trying to enable the SSL communication from Gemfire Client to
>>> Gemfire locator/Server. However, I am getting an exception that
>>> "Certificate is not recognized".
>>>
>>> Steps:
>>>
>>>
>>> 1. I have created a new a public and private key pair for the client
>>> 2. Exported the self signed certificate
>>> 3. Imported the new self signed certificate to client side JRE
>>> keystore at
>>>
>>> /Library/Java/JavaVirtualMachines/jdk1.8.0_45.jdk/Contents/Home/jre/lib/security/cacerts
>>> 4. Imported the same certificate to gemfire8.keystore which is being
>>> used by Gemfire locator and server.
>>> 5. when I start the client to make a connection to Gemfire, I
>>> receive an Fatal Exception that certificate is not recognized
>>>
>>> I was wondering if there is any property to specify the keystore to be
>>> used at the client side.
>>>
>>> I searched the documentation but couldn't find any information for
>>> client side configurations. It would be great if anyone can point me to SSL
>>> configurations needed for Gemfire client.
>>>
>>> For reference, following are properties that I am using -
>>>
>>> *gemfire-server.properties*
>>>
>>> mcast-port=0
>>> locators=localhost[10334]
>>> log-level=config
>>> cache-xml-file=../config/server-cache.xml
>>> statistic-sampling-enabled=true
>>> statistic-sample-rate=1000
>>> statistic-archive-file=myStatisticsArchiveFile.gfs
>>> enable-time-statistics=false
>>> *jmx-manager-ssl-enabled=false*
>>> *cluster-ssl-enabled=true*
>>> *cluster-ssl-require-authentication=false*
>>>
>>> *gfsecurity.properties*
>>>
>>>
>>> cluster-ssl-keystore=/Users/nchandrappa/Documents/gemfire/security/gemfire8.keystore
>>> cluster-ssl-keystore-password=password
>>>
>>> cluster-ssl-truststore=/Users/nchandrappa/Documents/gemfire/security/gemfire8.keystore
>>> cluster-ssl-truststore-password=password
>>>
>>> *locator.properties*
>>>
>>> mcast-port=0
>>> log-level=config
>>> locators=localhost[10334]
>>>
>>> *cluster-ssl-enabled=true*
>>> *server-ssl-require-authentication=false*
>>>
>>> *gemfire-client.properties*
>>>
>>> mcast-port=0
>>> log-level=config
>>> log-file=gemClient.log
>>> *ssl-enabled=true*
>>>
>>> Thanks,
>>> Nikhil Chandrappa
>>>
>>>
>>>
>>
>
