Enable SSL for an external WebSphere® eXtreme Scale grid by setting up a public key infrastructure, then enabling SSL on the integration server.
Read the concept information in WebSphere eXtreme Scale grids and Public key cryptography.
You can enable SSL for client connections to external WebSphere eXtreme Scale grids. You cannot enable SSL for servers in the embedded global cache.
To enable SSL communication, configure the keystore, truststore, passwords, and certificates. To enable server authentication, import the public certificate from the WebSphere eXtreme Scale server into the broker or integration server truststore. If the server requires client authentication, you must also create a private key in the broker or integration server keystore that the WebSphere eXtreme Scale server trusts.
You then set properties on the integration server to enable SSL and specify the required protocol. You can also nominate a particular key to use if you have more than one. SSL connections can be made only from integration servers that are not hosting catalog or container servers.
The following steps describe how to enable SSL for an external WebSphere eXtreme Scale grid.
Keystore, truststore, and protocol settings are verified the first time that a connection is made from the integration server (either to the embedded grid, or for the first remote connection). Errors in the configuration are reported as a warning, and SSL connections are then prohibited. For example, a warning is issued if a keystore file is not found, the file is corrupted, or the keystore password is incorrect.
If you enable SSL and try to connect from an integration server that hosts WebSphere eXtreme Scale server components, the connection fails with a detailed exception message, BIP7144, which explains why the connection failed. If an SSL handshake exception occurs, the message flow fails and the exception message BIP7147 is issued.
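The three keystore failures named above (file not found, file corrupted, incorrect password) can be checked before the integration server makes its first connection. The following is an added example, not IBM code; it assumes the keystore or truststore is in JKS format, which this page does not state, and `check_keystore`, `make_empty_jks` and the sample file name and password are hypothetical.

```python
import hashlib
import hmac
import os
import struct

JKS_MAGIC = 0xFEEDFEED
JKS_SALT = b"Mighty Aphrodite"  # fixed string mixed into the JKS integrity digest
DIGEST_LEN = 20                 # SHA-1 trailer at the end of every JKS file


def jks_digest(password: str, body: bytes) -> bytes:
    """SHA-1 over UTF-16BE password + salt + keystore body (JKS integrity check)."""
    return hashlib.sha1(password.encode("utf-16-be") + JKS_SALT + body).digest()


def make_empty_jks(password: str) -> bytes:
    """Constructed sample: a valid version-2 JKS holding zero entries."""
    header = struct.pack(">III", JKS_MAGIC, 2, 0)
    return header + jks_digest(password, header)


def check_keystore(path: str, password: str) -> str:
    """Return 'ok', 'not found', 'corrupted' or 'bad password or tampered'."""
    if not os.path.isfile(path):
        return "not found"
    with open(path, "rb") as fh:
        data = fh.read()
    if len(data) < 12 + DIGEST_LEN:
        return "corrupted"
    magic, version, _entries = struct.unpack(">III", data[:12])
    if magic != JKS_MAGIC or version not in (1, 2):
        return "corrupted"
    body, stored = data[:-DIGEST_LEN], data[-DIGEST_LEN:]
    # The digest is keyed by the password, so a wrong password and a
    # modified body are indistinguishable at this point.
    if not hmac.compare_digest(jks_digest(password, body), stored):
        return "bad password or tampered"
    return "ok"


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.jks")   # hypothetical file name
        with open(path, "wb") as fh:
            fh.write(make_empty_jks("changeit"))  # constructed password
        for pw in ("changeit", "wrong"):
            print(pw, "->", check_keystore(path, pw))
        print("missing ->", check_keystore(os.path.join(tmp, "none.jks"), "x"))
```

A result other than `ok` corresponds to a configuration that the integration server would report as a warning, after which SSL connections are prohibited.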