|Configuring Authentication and Authorization / Configuring Network Encryption and Authentication with SSL/TLS|
You activate SSL at the server side with the property derby.drda.sslMode (default off) or the -ssl option for the server start command.
When the SSL mode is set to basic, the server only accepts SSL encrypted connections.
The properties javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword need to be set with the proper values.
gfxd server start -J-Djavax.net.ssl.keyStore=serverKeyStore.key \ -J-Djavax.net.ssl.keyStorePassword=qwerty \ -gemfirexd.drda.sslMode=basic
When the server's SSL mode is set to peerAuthentication, the server authenticates its clients' identity in addition to encrypting network traffic. In this situation, the server's trust store must contain a certificate for each client which will connect.
The javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword need to be set in addition to the properties above.
gfxd server start -J-Djavax.net.ssl.keyStore=serverKeyStore.key \ -J-Djavax.net.ssl.keyStorePassword=qwerty \ -J-Djavax.net.ssl.trustStore=serverTrustStore.key \ -J-Djavax.net.ssl.trustStorePassword=qwerty \ -gemfirexd.drda.sslMode=peerAuthentication