Configuring Secure Sockets Layer (SSL) parameters for clients or servers

How you configure SSL parameters varies between clients and servers.

About this task

TLS/SSL is sometimes enabled in one direction. For example, the server public certificate is imported in the client truststore, but the client public certificate is not imported to the server truststore. However, WebSphere® eXtreme Scale extensively uses data grid agents. A characteristic of a data grid agent is that when the server sends responses back to the client, it creates a connection. The eXtreme Scale server then acts as a client. Therefore, you must import the client public certificate into the server truststore.

Procedure

  • Configure client SSL parameters.

    Use one of the following options to configure SSL parameters on the client:

    • Create a com.ibm.websphere.objectgrid.security.config.SSLConfiguration object by using the com.ibm.websphere.objectgrid.security.config.ClientSecurityConfigurationFactory factory class.
    • Configure the parameters in the client.properties file. You can then either set the property file as a JVM client property or you can use the WebSphere eXtreme Scale APIs. Pass the properties file into the ClientSecurityConfigurationFactory.getClientSecurityConfiguration(String) method for the client and use the returned object as a parameter to the ObjectGridManager.connect(String, ClientSecurityConfiguration, URL) method.
  • Configure server SSL parameters.

    SSL parameters are configured for servers using the server.properties file. To start a container or catalog server with a specific property file, use the -serverProps parameter on the startOgServer or [Version 8.6 and later] startXsServer script. For more information about the SSL parameters you can set for eXtreme Scale servers, see Security server properties.
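
The client.properties option above, as an added example that is not part of the original documentation: it checks the file before connecting, because the server connects back to the client for data grid agents and the client therefore needs its own keystore as well as a truststore. The key names transportType, keyStore and trustStore are assumed from the product's client properties file; the class name and command-line arguments are hypothetical.

```java
import com.ibm.websphere.objectgrid.ClientClusterContext;
import com.ibm.websphere.objectgrid.ObjectGrid;
import com.ibm.websphere.objectgrid.ObjectGridManager;
import com.ibm.websphere.objectgrid.ObjectGridManagerFactory;
import com.ibm.websphere.objectgrid.security.config.ClientSecurityConfiguration;
import com.ibm.websphere.objectgrid.security.config.ClientSecurityConfigurationFactory;

import java.io.FileInputStream;
import java.io.InputStream;
import java.util.Properties;

public class SecureGridClient {
    // Assumed key names from the product's client properties file.
    private static final String[] REQUIRED = {"transportType", "keyStore", "trustStore"};

    /** Fail early if the file lacks the settings that two-way TLS/SSL needs. */
    static void checkClientProperties(String path) throws Exception {
        Properties props = new Properties();
        try (InputStream in = new FileInputStream(path)) {
            props.load(in);
        }
        for (String key : REQUIRED) {
            String value = props.getProperty(key);
            if (value == null || value.trim().isEmpty()) {
                throw new IllegalStateException(path + ": missing " + key);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        String propsFile = args[0];        // path to client.properties
        String catalogEndpoints = args[1]; // catalog server endpoints, supplied by the caller
        String gridName = args[2];         // name of the data grid to open

        checkClientProperties(propsFile);

        // Build the security configuration from the properties file.
        ClientSecurityConfiguration security =
            ClientSecurityConfigurationFactory.getClientSecurityConfiguration(propsFile);

        ObjectGridManager manager = ObjectGridManagerFactory.getObjectGridManager();
        // Third argument is the optional override ObjectGrid XML URL; none is used here.
        ClientClusterContext context = manager.connect(catalogEndpoints, security, null);
        ObjectGrid grid = manager.getObjectGrid(context, gridName);
        System.out.println("Connected to grid " + grid.getName());
    }
}
```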