[Java programming language only]

Configuring TLS for data grid applications

You can configure Transport Layer Security (TLS) by modifying or replacing the keystore and truststore, and choosing the certificate alias for your configuration.

Before you begin

About this task

The appliance must trust the clients that are connecting to the data grid. The TLS settings apply to the user interface and data grids. The settings are applied to all of the appliances in the collective.

Procedure

  1. Download the active truststore. In the user interface, click Collective > Settings > Transport Layer Security (TLS). Click Download active truststore, and note where you saved the file on disk, for example /downloads/trustStore.jks.
  2. If necessary, create a certificate and export the public certificate.
    1. Create a private key in the keystore. The following command creates the key.jks keystore with a key, "ogsample", stored in it. This key.jks keystore is used as the SSL keystore. Run the following command:
       keytool -genkey -alias ogsample -keystore key.jks -storetype JKS -keyalg rsa -dname "CN=ogsample, OU=Your Organizational Unit, O=Your Organization, L=Your City, S=Your State, C=Your Country" -storepass ogpass -keypass ogpass -validity 3650
    2. Export the public certificate. The following command extracts the public certificate of key "ogsample" and stores the certificate in the temp.key file.
      keytool -export -alias ogsample -keystore key.jks -file temp.key -storepass ogpass
  3. Add the client certificate to the truststore. Run the keytool tool to import the client public certificate to the truststore.
    keytool -import -noprompt -alias "ogsample" -keystore /downloads/trustStore.jks -file temp.key -storepass xc10pass -storetype jks
  4. Upload truststore information to the appliance. In the user interface, click Appliance > Settings > Transport Layer Security (TLS). Upload the updated /downloads/trustStore.jks file. Click Submit TLS settings to save your configuration.
  5. Update the client.properties file. For more information on where to locate this file and the properties in this file, see Client properties file. Set the following properties in the client.properties file.
    securityEnabled=true
    transportType=SSL-Required
    alias=ogsample
    contextProvider=IBMJSSE2
    protocol=TLS
    keyStoreType=JKS
    keyStore=key.jks
    keyStorePassword=ogpass
    trustStoreType=JKS
    trustStore=/downloads/trustStore.jks
    trustStorePassword=xc10pass
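
To check the result of steps 2 through 5 before connecting, the following added example (not part of the original documentation or the product) reads client.properties, confirms that the alias holds a private key with a currently valid certificate, and confirms that the same certificate is present in the truststore. The class name CheckClientTls is an assumption; the property names are the ones listed in step 5.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.Properties;

// Added example, not product code. Property names are those from step 5.
public class CheckClientTls {
    static String req(Properties p, String name) {
        String v = p.getProperty(name);
        if (v == null) throw new IllegalStateException("Missing property: " + name);
        return v;
    }

    // Opens the store described by <prefix>, <prefix>Type and <prefix>Password.
    static KeyStore load(Properties p, String prefix) throws Exception {
        KeyStore ks = KeyStore.getInstance(req(p, prefix + "Type"));
        try (InputStream in = new FileInputStream(req(p, prefix))) {
            // Throws IOException on a wrong password or a corrupted file.
            ks.load(in, req(p, prefix + "Password").toCharArray());
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        Properties p = new Properties();
        String file = args.length > 0 ? args[0] : "client.properties";
        try (InputStream in = new FileInputStream(file)) {
            p.load(in);
        }
        String alias = req(p, "alias");
        KeyStore keys = load(p, "keyStore");
        if (!keys.isKeyEntry(alias))
            throw new IllegalStateException("No private key under alias " + alias);
        X509Certificate cert = (X509Certificate) keys.getCertificate(alias);
        cert.checkValidity(); // throws if expired or not yet valid

        // Step 3 imports this self-signed certificate, so the truststore must contain it.
        String trustedAs = load(p, "trustStore").getCertificateAlias(cert);
        if (trustedAs == null)
            throw new IllegalStateException(alias + " certificate is not in the truststore");

        StringBuilder fp = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded()))
            fp.append(String.format("%02X", b));
        System.out.println("OK: trusted as '" + trustedAs + "', SHA-256 " + fp);
    }
}
```

Run it from the directory that holds client.properties, because a relative keyStore path such as key.jks is resolved against the working directory.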

What to do next