Start a Server with SSL/TLS for Client Connections

When you start a GemFire XD member, you enable SSL for client connections with the system property gemfirexd.drda.sslMode (default off).

Server SSL/TLS requires a server key pair. If the server is going to authenticate clients, the client certificates must be installed in the server's trust store. These operations are described in Generate Key Pairs and Certificates.

Starting the Server with Basic SSL Encryption

When the SSL mode is set to basic, the server only accepts SSL encrypted connections from clients.

The system properties javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword must be set to the server's key store file and its password.

Example

gfxd server start -J-Djavax.net.ssl.keyStore=serverKeyStore.key \
     -J-Djavax.net.ssl.keyStorePassword=qwerty \
     -J-Dgemfirexd.drda.sslMode=basic

Starting a Server That Authenticates Clients

When the server's SSL mode is set to peerAuthentication, the server authenticates its clients' identity in addition to encrypting network traffic. In this situation, the server's trust store must contain a certificate for each client that will connect.

The system properties javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword must be set in addition to the properties above.

Example

gfxd server start -J-Djavax.net.ssl.keyStore=serverKeyStore.key \
     -J-Djavax.net.ssl.keyStorePassword=qwerty \
     -J-Djavax.net.ssl.trustStore=serverTrustStore.key \
     -J-Djavax.net.ssl.trustStorePassword=qwerty \
     -J-Dgemfirexd.drda.sslMode=peerAuthentication
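
A preflight check for the two start commands above, added here as an example and not taken from the GemFire XD documentation: it refuses to build the -J flags when a store that the chosen sslMode requires is missing. The function names and the KEYSTORE, KEYSTORE_PASSWORD, TRUSTSTORE and TRUSTSTORE_PASSWORD shell variables are assumptions.

```shell
# Added example; gfxd_ssl_args, _require_store and the KEYSTORE*/TRUSTSTORE*
# variable names are hypothetical, not part of GemFire XD.

# _require_store LABEL PATH PASSWORD
# Fails unless the store file is readable and its password is non-empty.
_require_store() {
    if [ -z "$2" ] || [ ! -r "$2" ]; then
        echo "$1 file missing or unreadable: ${2:-<unset>}" >&2
        return 1
    fi
    if [ -z "$3" ]; then
        echo "$1 password is empty" >&2
        return 1
    fi
}

# gfxd_ssl_args MODE
# Prints one -J flag per line for "gfxd server start". Returns 1 (message on
# stderr) if a store the mode requires is missing, 2 for an unknown mode.
gfxd_ssl_args() {
    mode=$1
    case $mode in
        off)
            # Default mode: no SSL on client connections, no stores needed.
            printf '%s\n' "-J-Dgemfirexd.drda.sslMode=off"
            return 0 ;;
        basic|peerAuthentication) ;;
        *)
            echo "unknown sslMode: $mode" >&2
            return 2 ;;
    esac
    # Both SSL modes need the server key pair.
    _require_store keyStore "$KEYSTORE" "$KEYSTORE_PASSWORD" || return 1
    # Only peerAuthentication needs the trust store holding client certificates.
    if [ "$mode" = peerAuthentication ]; then
        _require_store trustStore "$TRUSTSTORE" "$TRUSTSTORE_PASSWORD" || return 1
    fi
    printf '%s\n' "-J-Djavax.net.ssl.keyStore=$KEYSTORE" \
                  "-J-Djavax.net.ssl.keyStorePassword=$KEYSTORE_PASSWORD"
    if [ "$mode" = peerAuthentication ]; then
        printf '%s\n' "-J-Djavax.net.ssl.trustStore=$TRUSTSTORE" \
                      "-J-Djavax.net.ssl.trustStorePassword=$TRUSTSTORE_PASSWORD"
    fi
    printf '%s\n' "-J-Dgemfirexd.drda.sslMode=$mode"
}

# Usage (store paths and passwords must not contain whitespace):
#   args=$(gfxd_ssl_args peerAuthentication) && gfxd server start $args
```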