Configuring Network Encryption and Authentication with SSL/TLS
By default, all GemFire XD network traffic is unencrypted, with the exception of user names and user passwords, which can be encrypted separately. There is also no network layer access control mechanism. For deployment scenarios where these are possible security issues, the GemFire XD Network Server supports network security with Secure Socket Layer/Transport Layer Security (SSL/TLS).
With SSL/TLS, the client/server communication protocol is encrypted, and, independently of each other, the client and the server can each require certificate-based authentication of the other.
It is assumed that the reader is somewhat familiar with SSL, key pairs, and certificates. This documentation is also based on the Java Development Kit (JDK) and its keytool application.
For the remainder of this section, the term SSL is used for SSL/TLS and the term peer is used for the other party in the communication (the server's peer is the client and vice versa). The network server supports three levels of network protection:
- The default, no SSL encryption
- SSL encryption, no peer authentication
- SSL encryption and peer authentication
You can set peer authentication on the server, on the client, or on both. Peer authentication means that the other side of the SSL connection is authenticated based on a trusted certificate installed locally.
Alternatively, you can install a Certification Authority (CA) certificate locally; the peer is then authenticated if it presents a certificate signed by that authority. How to achieve this is not described in this document. Consult your Java environment documentation for details.
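The following is an added example, not part of the GemFire XD documentation or product code, that shows the second and third protection levels above in action: a client that authenticates the server against a locally installed certificate, and a server that additionally requires peer authentication of the client. It is written in Go rather than against the JDK so that it runs stand-alone: self-signed certificates are constructed in memory in place of the key pairs keytool would put in a keystore, and each peer's `Trust` pool plays the role of the local truststore. The peer names `gfxd-server` and `gfxd-client` are made up for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Peer is one side of the connection: its own key pair and certificate plus
// the certificates it trusts (the equivalent of a keystore and a truststore).
type Peer struct {
	Cert  tls.Certificate
	Trust *x509.CertPool
}

// NewPeer creates a peer with a fresh self-signed certificate for 127.0.0.1.
// The certificate is constructed in memory for the example (assumed, not keytool output).
func NewPeer(cn string) (Peer, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return Peer{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
		IPAddresses:           []net.IP{net.IPv4(127, 0, 0, 1)},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return Peer{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return Peer{}, err
	}
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
	return Peer{Cert: cert, Trust: x509.NewCertPool()}, nil // trusts nobody yet
}

// TrustPeer installs the other side's certificate locally; this is the
// "trusted certificate installed locally" that peer authentication relies on.
func (p Peer) TrustPeer(other Peer) { p.Trust.AddCert(other.Cert.Leaf) }

// Connect performs one handshake over loopback and returns the first error raised
// by either side (nil when both accept). serverAuthenticatesClient=false is
// "SSL encryption, no peer authentication" on the server; true is "SSL encryption
// and peer authentication". The client always verifies the server against its pool.
func Connect(server, client Peer, serverAuthenticatesClient, clientPresentsCert bool) error {
	serverCfg := &tls.Config{Certificates: []tls.Certificate{server.Cert}, ClientCAs: server.Trust}
	if serverAuthenticatesClient {
		serverCfg.ClientAuth = tls.RequireAndVerifyClientCert
	}
	clientCfg := &tls.Config{RootCAs: client.Trust, ServerName: "127.0.0.1"}
	if clientPresentsCert {
		clientCfg.Certificates = []tls.Certificate{client.Cert}
	}
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return err
	}
	defer ln.Close()
	serverErr := make(chan error, 1)
	go func() {
		raw, err := ln.Accept()
		if err != nil {
			serverErr <- err
			return
		}
		defer raw.Close()
		serverErr <- tls.Server(raw, serverCfg).Handshake()
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), clientCfg)
	if err == nil {
		conn.Close()
	}
	if serr := <-serverErr; err == nil {
		return serr // with TLS 1.3 the client can be satisfied while the server rejects it
	}
	return err
}

func main() {
	server, err := NewPeer("gfxd-server")
	if err != nil {
		panic(err)
	}
	client, err := NewPeer("gfxd-client")
	if err != nil {
		panic(err)
	}
	client.TrustPeer(server) // client truststore holds the server certificate
	server.TrustPeer(client) // server truststore holds the client certificate
	fmt.Println("encryption, server authenticated only:", Connect(server, client, false, false))
	fmt.Println("encryption and mutual peer authentication:", Connect(server, client, true, true))
	fmt.Println("server requires a client certificate, none sent:", Connect(server, client, true, false))
}
```

The third call in `main` is the case to watch for in practice: once peer authentication is enabled on the server, a client that is encrypted but presents no certificate is refused, so client keystores have to be provisioned before the server setting is switched on.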