Run a Client with SSL/TLS

You enable basic SSL encryption on the client by the URL attribute ssl, the property ssl, or the datasource attribute ssl set to basic.

Example

Connection c = 
   getConnection("jdbc:gemfirexd://myhost:1527/db;ssl=basic");

Running a Client that Authenticates the Server

For a client to authenticate the server, the client's trust store must contain the server's certificate.

You enable client SSL with server authentication by setting the URL attribute ssl or the property ssl to peerAuthentication. In addition, the system properties javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword need to be set.

Example

    System.setProperty("javax.net.ssl.trustStore","clientTrustStore.key");
    System.setProperty("javax.net.ssl.trustStorePassword","qwerty");
    Connection c = 
       getConnection("jdbc:gemfirexd://myhost:1527/db;ssl=peerAuthentication");

Running the Client When the Server Does Client Authentication

If the server authenticates clients, the client needs a key pair and a client certificate which is installed in the server's trust store. See Generate Key Pairs and Certificates.

The client needs to set javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword.

Example

    System.setProperty("javax.net.ssl.keyStore","clientKeyStore.key");
    System.setProperty("javax.net.ssl.keyStorePassword","qwerty");
    Connection c = 
       getConnection("jdbc:gemfirexd://myhost:1527/db;ssl=basic");

Running the Client When Both Parties Do Peer Authentication

This is a combination of the two last variants.

Example

    System.setProperty("javax.net.ssl.keyStore","clientKeyStore.key");
    System.setProperty("javax.net.ssl.keyStorePassword","qwerty");
    System.setProperty("javax.net.ssl.trustStore","clientTrustStore.key");
    System.setProperty("javax.net.ssl.trustStorePassword","qwerty");
    Connection c = 
       getConnection("jdbc:gemfirexd://myhost:1527/db;ssl=peerAuthentication");