Shuvro, I am able to connect to client using the configuration which I had used for ClientCacheFactory()
I see the following in logs, On Mon, Oct 19, 2015 at 12:07 AM, Shuvro Das <[email protected]> wrote: > Hi Nikhil, > > Is you client able to connect to the server? > > If not,could you please try by setting below properties and send us the > client log. > > ClientCache cache = new ClientCacheFactory().set("name", "GemClient") > > .set("log-level", "config") > .set("cluster-ssl-enabled","true") > .set("cluster-ssl-require-authentication","false") > .set("cluster-ssl-ciphers","any") > > .set("cluster-ssl-keystore","/Users/nchandrappa/Documents/gemfire/security/gemfire8.keystore") > > .set("cluster-ssl-keystore-password","password") > > > .set("cluster-ssl-truststore","/Users/nchandrappa/Documents/gemfire/security/gemfire8.keystore") > > .set("cluster-ssl-truststore-password","password") > .set("cache-xml-file","gemfire/config/clientCache.xml").create(); > > > Thanks and Regards, > Shuvro Das > > On Mon, Oct 19, 2015 at 6:15 AM, Nikhil Chandrappa <[email protected] > > wrote: > >> Darrel, >> >> Thank you responding to my questions. >> >> As you suggested I made "cluster-ssl-require-authentication=false" in my >> locator and server properties which prevents the need of authenticating the >> client by the locators. >> >> Actually, I was not aware that you could use the same ssl properties at >> client side also. Right now, I am creating ClientCache using >> >> ClientCache cache = new ClientCacheFactory().set("name", "GemClient") >> >> .set("log-level", "info") >> >> .set("cluster-ssl-enabled", "true") >> >> .set("cache-xml-file","gemfire/config/clientCache.xml").create(); >> >> SSL connection is getting created and client is not getting authenticated >> which was the behavior I was looking for. >> Thanks, >> Nikhil >> >> On Sun, Oct 18, 2015 at 6:40 PM, Darrel Schneider <[email protected]> >> wrote: >> >>> The java client uses the same gemfire properties you are suing on the >>> server side. So point you client on the keystores with the >>> *gfsecurity.properties >>> *file. >>> I would not use "ssl-*" properties. They are all deprecated in favor of >>> "cluster-ssl-*". >>> Having this in your locator properties seems wrong: >>> *server-ssl-require-authentication=false* >>> Since your locator is not a cache server the "server-ssl-*" properties >>> would never be used in it. >>> Perhaps you wanted it to also be >>> "cluster-ssl-require-authentication=false" so that your locator would not >>> require authentication of clients connecting to it. >>> >>> On Sun, Oct 18, 2015 at 10:33 AM, Nikhil Chandrappa < >>> [email protected]> wrote: >>> >>>> Hi, >>>> >>>> I am trying to enable the SSL communication from Gemfire Client to >>>> Gemfire locator/Server. However, I am getting an exception that >>>> "Certificate is not recognized". >>>> >>>> Steps: >>>> >>>> >>>> 1. I have created a new a public and private key pair for the client >>>> 2. Exported the self signed certificate >>>> 3. Imported the new self signed certificate to client side JRE >>>> keystore at >>>> >>>> /Library/Java/JavaVirtualMachines/jdk1.8.0_45.jdk/Contents/Home/jre/lib/security/cacerts >>>> 4. Imported the same certificate to gemfire8.keystore which is >>>> being used by Gemfire locator and server. >>>> 5. when I start the client to make a connection to Gemfire, I >>>> receive an Fatal Exception that certificate is not recognized >>>> >>>> I was wondering if there is any property to specify the keystore to be >>>> used at the client side. >>>> >>>> I searched the documentation but couldn't find any information for >>>> client side configurations. It would be great if anyone can point me to SSL >>>> configurations needed for Gemfire client. >>>> >>>> For reference, following are properties that I am using - >>>> >>>> *gemfire-server.properties* >>>> >>>> mcast-port=0 >>>> locators=localhost[10334] >>>> log-level=config >>>> cache-xml-file=../config/server-cache.xml >>>> statistic-sampling-enabled=true >>>> statistic-sample-rate=1000 >>>> statistic-archive-file=myStatisticsArchiveFile.gfs >>>> enable-time-statistics=false >>>> *jmx-manager-ssl-enabled=false* >>>> *cluster-ssl-enabled=true* >>>> *cluster-ssl-require-authentication=false* >>>> >>>> *gfsecurity.properties* >>>> >>>> >>>> cluster-ssl-keystore=/Users/nchandrappa/Documents/gemfire/security/gemfire8.keystore >>>> cluster-ssl-keystore-password=password >>>> >>>> cluster-ssl-truststore=/Users/nchandrappa/Documents/gemfire/security/gemfire8.keystore >>>> cluster-ssl-truststore-password=password >>>> >>>> *locator.properties* >>>> >>>> mcast-port=0 >>>> log-level=config >>>> locators=localhost[10334] >>>> >>>> *cluster-ssl-enabled=true* >>>> *server-ssl-require-authentication=false* >>>> >>>> *gemfire-client.properties* >>>> >>>> mcast-port=0 >>>> log-level=config >>>> log-file=gemClient.log >>>> *ssl-enabled=true* >>>> >>>> Thanks, >>>> Nikhil Chandrappa >>>> >>>> >>>> >>> >> >
