Connect a Client using SSL/TLS

You enable SSL encryption for a client connection using the property ssl connection property.

Set the property to "basic" to encrypt the connection. For example, to connect using basic SSL with a gfxd thin client connection:
gfxd> connect client 'myhost:1527;ssl=basic';
Or, to connect in a Java application:
Connection c = 
   getConnection("jdbc:gemfirexd://myhost:1527/db;ssl=basic");

Running a Client that Authenticates the Server

For a client to authenticate with the server, the client's trust store must contain the server's certificate.

You enable client SSL with server authentication by setting the URL attribute ssl or the property ssl to peerAuthentication. In addition, the system properties javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword need to be set.

Example

    System.setProperty("javax.net.ssl.trustStore","clientTrustStore.key");
    System.setProperty("javax.net.ssl.trustStorePassword","qwerty");
    Connection c = 
       getConnection("jdbc:gemfirexd://myhost:1527/db;ssl=peerAuthentication");

Running the Client When the Server Does Client Authentication

If the server authenticates clients, the client needs a key pair and a client certificate which is installed in the server's trust store. See Generate Key Pairs and Certificates.

The client needs to set javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword.

Example

    System.setProperty("javax.net.ssl.keyStore","clientKeyStore.key");
    System.setProperty("javax.net.ssl.keyStorePassword","qwerty");
    Connection c = 
       getConnection("jdbc:gemfirexd://myhost:1527/db;ssl=basic");

Running the Client When Both Parties Do Peer Authentication

This is a combination of the two last variants.

Example

    System.setProperty("javax.net.ssl.keyStore","clientKeyStore.key");
    System.setProperty("javax.net.ssl.keyStorePassword","qwerty");
    System.setProperty("javax.net.ssl.trustStore","clientTrustStore.key");
    System.setProperty("javax.net.ssl.trustStorePassword","qwerty");
    Connection c = 
       getConnection("jdbc:gemfirexd://myhost:1527/db;ssl=peerAuthentication");