I see the following in logs,

[info 2015/10/18 20:48:04.643 EDT ProjectClient <poolTimer-clientPool-2> tid=0x17] AutoConnectionSource discovered new locators [NikhilCappasMBP.fios-router.home/192.168.1.156:10334]
[info 2015/10/18 20:48:04.672 EDT ProjectClient <poolTimer-clientPool-3> tid=0x18] SSL Connection from peer CN=nchandrappa, OU=Gemfire, O=Pivotal, L=Newyork, ST=NY, C=US
[info 2015/10/18 20:48:04.672 EDT ProjectClient <poolTimer-clientPool-3> tid=0x18] Updating membership port. Port changed from 0 to 59,223.
[info 2015/10/18 20:48:04.688 EDT ProjectClient <main> tid=0x1] SSL Connection from peer CN=nchandrappa, OU=Gemfire, O=Pivotal, L=Newyork, ST=NY, C=US
[info 2015/10/18 20:48:04.765 EDT ProjectClient <main> tid=0x1] SSL Connection from peer CN=nchandrappa, OU=Gemfire, O=Pivotal, L=Newyork, ST=NY, C=US
[info 2015/10/18 20:48:04.786 EDT ProjectClient <Cache Client Updater Thread on NikhilCappasMBP(serverVoya1:89103)<v1>:40100 port 59140> tid=0x1d] Cache Client Updater Thread on NikhilCappasMBP(serverVoya1:89103)<v1>:40100 port 59140 (nikhilcappasmbp.fios-router.home:59140) : ready to process messages.
[info 2015/10/18 20:48:04.786 EDT ProjectClient <main> tid=0x1] Pool clientPool started with multiuser-authentication=false

Thanks,
Nikhil

On Mon, Oct 19, 2015 at 10:13 AM, Nikhil Chandrappa <[email protected]> wrote:

> Shuvro,
>
> I am able to connect to client using the configuration which I had used
> for ClientCacheFactory()
>
> I see the following in logs,
>
> On Mon, Oct 19, 2015 at 12:07 AM, Shuvro Das <[email protected]> wrote:
>
>> Hi Nikhil,
>>
>> Is your client able to connect to the server?
>>
>> If not, could you please try by setting below properties and send us the
>> client log.
>>
>> ClientCache cache = new ClientCacheFactory().set("name", "GemClient")
>>     .set("log-level", "config")
>>     .set("cluster-ssl-enabled","true")
>>     .set("cluster-ssl-require-authentication","false")
>>     .set("cluster-ssl-ciphers","any")
>>     .set("cluster-ssl-keystore","/Users/nchandrappa/Documents/gemfire/security/gemfire8.keystore")
>>     .set("cluster-ssl-keystore-password","password")
>>     .set("cluster-ssl-truststore","/Users/nchandrappa/Documents/gemfire/security/gemfire8.keystore")
>>     .set("cluster-ssl-truststore-password","password")
>>     .set("cache-xml-file","gemfire/config/clientCache.xml").create();
>>
>> Thanks and Regards,
>> Shuvro Das
>>
>> On Mon, Oct 19, 2015 at 6:15 AM, Nikhil Chandrappa <[email protected]> wrote:
>>
>>> Darrel,
>>>
>>> Thank you for responding to my questions.
>>>
>>> As you suggested I made "cluster-ssl-require-authentication=false" in
>>> my locator and server properties which prevents the need of authenticating
>>> the client by the locators.
>>>
>>> Actually, I was not aware that you could use the same ssl properties at
>>> client side also. Right now, I am creating ClientCache using
>>>
>>> ClientCache cache = new ClientCacheFactory().set("name", "GemClient")
>>>     .set("log-level", "info")
>>>     .set("cluster-ssl-enabled", "true")
>>>     .set("cache-xml-file","gemfire/config/clientCache.xml").create();
>>>
>>> SSL connection is getting created and client is not getting
>>> authenticated which was the behavior I was looking for.
>>>
>>> Thanks,
>>> Nikhil
>>>
>>> On Sun, Oct 18, 2015 at 6:40 PM, Darrel Schneider <[email protected]> wrote:
>>>
>>>> The java client uses the same gemfire properties you are using on the
>>>> server side. So point your client on the keystores with the
>>>> *gfsecurity.properties* file.
>>>> I would not use "ssl-*" properties. They are all deprecated in favor of
>>>> "cluster-ssl-*".
>>>>
>>>> Having this in your locator properties seems wrong:
>>>> *server-ssl-require-authentication=false*
>>>> Since your locator is not a cache server the "server-ssl-*" properties
>>>> would never be used in it.
>>>> Perhaps you wanted it to also be
>>>> "cluster-ssl-require-authentication=false" so that your locator would not
>>>> require authentication of clients connecting to it.
>>>>
>>>> On Sun, Oct 18, 2015 at 10:33 AM, Nikhil Chandrappa <[email protected]> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I am trying to enable the SSL communication from Gemfire Client to
>>>>> Gemfire locator/Server. However, I am getting an exception that
>>>>> "Certificate is not recognized".
>>>>>
>>>>> Steps:
>>>>>
>>>>> 1. I have created a new public and private key pair for the
>>>>>    client
>>>>> 2. Exported the self signed certificate
>>>>> 3. Imported the new self signed certificate to client side JRE
>>>>>    keystore at
>>>>>    /Library/Java/JavaVirtualMachines/jdk1.8.0_45.jdk/Contents/Home/jre/lib/security/cacerts
>>>>> 4. Imported the same certificate to gemfire8.keystore which is
>>>>>    being used by Gemfire locator and server.
>>>>> 5. When I start the client to make a connection to Gemfire, I
>>>>>    receive a Fatal Exception that certificate is not recognized
>>>>>
>>>>> I was wondering if there is any property to specify the keystore to be
>>>>> used at the client side.
>>>>>
>>>>> I searched the documentation but couldn't find any information for
>>>>> client side configurations. It would be great if anyone can point me to
>>>>> SSL configurations needed for Gemfire client.
>>>>>
>>>>> For reference, following are properties that I am using -
>>>>>
>>>>> *gemfire-server.properties*
>>>>>
>>>>> mcast-port=0
>>>>> locators=localhost[10334]
>>>>> log-level=config
>>>>> cache-xml-file=../config/server-cache.xml
>>>>> statistic-sampling-enabled=true
>>>>> statistic-sample-rate=1000
>>>>> statistic-archive-file=myStatisticsArchiveFile.gfs
>>>>> enable-time-statistics=false
>>>>> *jmx-manager-ssl-enabled=false*
>>>>> *cluster-ssl-enabled=true*
>>>>> *cluster-ssl-require-authentication=false*
>>>>>
>>>>> *gfsecurity.properties*
>>>>>
>>>>> cluster-ssl-keystore=/Users/nchandrappa/Documents/gemfire/security/gemfire8.keystore
>>>>> cluster-ssl-keystore-password=password
>>>>> cluster-ssl-truststore=/Users/nchandrappa/Documents/gemfire/security/gemfire8.keystore
>>>>> cluster-ssl-truststore-password=password
>>>>>
>>>>> *locator.properties*
>>>>>
>>>>> mcast-port=0
>>>>> log-level=config
>>>>> locators=localhost[10334]
>>>>> *cluster-ssl-enabled=true*
>>>>> *server-ssl-require-authentication=false*
>>>>>
>>>>> *gemfire-client.properties*
>>>>>
>>>>> mcast-port=0
>>>>> log-level=config
>>>>> log-file=gemClient.log
>>>>> *ssl-enabled=true*
>>>>>
>>>>> Thanks,
>>>>> Nikhil Chandrappa
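
Added example, not part of the thread and not GemFire code: a small property-file check for the SSL points raised above (deprecated "ssl-*" keys, "server-ssl-*" keys in a locator file, cluster-ssl-require-authentication=false, and a truststore that is the same file as the keystore). The function names and the role labels are assumptions made for this example; the sample inputs are copied from the property files quoted in the thread.

```python
# Added example: lint GemFire property files for the SSL points in this thread.

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # / ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def lint_ssl(props, role):
    """role is 'locator', 'server' or 'client' (labels made up for this example)."""
    findings = []
    for key in sorted(props):
        if key.startswith("ssl-"):
            findings.append((key, "deprecated, use cluster-" + key))
        elif key.startswith("server-ssl-") and role == "locator":
            findings.append((key, "a locator is not a cache server, so this is never used"))
    keystore = props.get("cluster-ssl-keystore")
    if keystore and keystore == props.get("cluster-ssl-truststore"):
        findings.append(("cluster-ssl-truststore",
                         "same file as the keystore that holds the private key"))
    if props.get("cluster-ssl-require-authentication") == "false":
        findings.append(("cluster-ssl-require-authentication",
                         "connecting peers are not required to authenticate"))
    return findings

# Sample inputs: the relevant lines of the files quoted in the thread.
LOCATOR = """mcast-port=0
log-level=config
locators=localhost[10334]
cluster-ssl-enabled=true
server-ssl-require-authentication=false"""
CLIENT = "mcast-port=0\nlog-level=config\nlog-file=gemClient.log\nssl-enabled=true"
GFSECURITY = """cluster-ssl-keystore=/Users/nchandrappa/Documents/gemfire/security/gemfire8.keystore
cluster-ssl-truststore=/Users/nchandrappa/Documents/gemfire/security/gemfire8.keystore"""

if __name__ == "__main__":
    for name, role, text in (("locator.properties", "locator", LOCATOR),
                             ("gemfire-client.properties", "client", CLIENT),
                             ("gfsecurity.properties", "server", GFSECURITY)):
        for key, msg in lint_ssl(parse_properties(text), role):
            print(f"{name}: {key}: {msg}")
```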
