You can configure Transport Layer Security (TLS) for the WebSphere® eXtreme Scale
Client for .NET.
Procedure
- Optional: Using the keytool utility, extract
the public certificate from the key.jks file that you configured for the server.
keytool -export -alias myalias -keystore key.jks -file public.cer -storepass password
Import this public key into the Windows Certificate store with the Certificate Management Tool,
certmgr.msc, to import the key into the ‘Trusted Root
Certification Authority’ or ‘Trusted People’ certificate folder.
(The
keyStore property in the
client.properties file can point to this file)
- Edit the Client.Net.properties file
to include the following property values:
securityEnabled=true
credentialAuthentication=supported
authenticationRetryCount=3
credentialGeneratorAssembly=IBM.WebSphere.Caching.CredentialGenerator,Version=8.6.0.0,
Culture=neutral,PublicKeyToken=b439a24ee43b0816
credentialGeneratorProps=manager manager1
transportType=ssl-required
publicKeyFile=<name>.cer
The value of the credentialGeneratorProps property,
manager manager1 is used as the user name and password
values that are supplied to the server in the Credential object.
The publicKeyFile property is set as a relative
path to the .NET run time. If the publicKeyFile property is not set, the Windows certificate store is searched for
the public.cer file. If the publicKeyFile property is set, then the specified file is used for the SSL public
certificate file. If the specified file cannot be found, the .NET
client attempts to find a matching public.cer file in the certificate store.
- Optional: Encode the value
of the credentialGeneratorProps property.
To encode the
property value, transfer your
Client.Net.properties file to a computer with a Java-based
WebSphere eXtreme Scale
Client or server installation. Run the
FilePasswordEncoder utility to encode the credentialGeneratorProps property:
FilePasswordEncoder.bat Client.Net.Properties credentialGeneratorProps
When you run this utility on a properties file, all comments within
the file are deleted.
For more information about
the FilePasswordEncoder utility, see Storing security artifacts in stand-alone environments.
- Copy the net_client_home\IBM.WebSphere.Caching.CredentialGenerator.dll to the net_client_home\sample\SimpleClient\bin\<ConfigurationName> directory
- Build the sample with the ConfigurationName project context. Run the sample against your server.