Start the Server with SSL/TLS

You activate SSL at the server side with the property derby.drda.sslMode (default off) or the -ssl option for the server start command.

For server SSL/TLS, a server key pair needs to be generated. If the server is going to do client authentication, the client certificates need to be installed in the trust store.These operations are described in Generate Key Pairs and Certificates.

Starting the Server with Basic SSL Encryption

When the SSL mode is set to basic, the server only accepts SSL encrypted connections.

The properties javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword need to be set with the proper values.

Example

gfxd server start -J-Djavax.net.ssl.keyStore=serverKeyStore.key \
     -J-Djavax.net.ssl.keyStorePassword=qwerty \
     -gemfirexd.drda.sslMode=basic

Starting a Server That Authenticates Clients

When the server's SSL mode is set to peerAuthentication, the server authenticates its clients' identity in addition to encrypting network traffic. In this situation, the server's trust store must contain a certificate for each client which will connect.

The javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword need to be set in addition to the properties above.

Example

gfxd server start -J-Djavax.net.ssl.keyStore=serverKeyStore.key \
     -J-Djavax.net.ssl.keyStorePassword=qwerty \
     -J-Djavax.net.ssl.trustStore=serverTrustStore.key \
     -J-Djavax.net.ssl.trustStorePassword=qwerty \
     -gemfirexd.drda.sslMode=peerAuthentication