Versions Compared

...

ssl-require-authentication=[true,false] (default "true") – all components except http are governed by this setting
  (replaces ssl-require-authentication-components=[all, cluster, server, gateway, locator, http, jmx])

ssl-http-require-authentication=[true,false] (default "false") – the http service (REST) can disable/enable mutual SSL authentication, because of how HTTP clients are typically used
  (the default was previously "all")

ssl-default-alias=[empty,string] (default - use first cert in keystore)  (replaces ssl-certificate-alias)

(removed in this version: ssl-certificate-password=[empty,string])

ssl-protocols=comma-separated list (default "any")  (previously space-separated)

ssl-ciphers=comma-separated list (default "any")  (previously space-separated)

...

ssl-<component name>-alias=string  e.g. ssl-server-alias, ssl-jmx-alias  (replaces ssl-<component name>-certificate-alias; ssl-<component name>-certificate-password=string was removed)

Example: secure communications throughout

...

If the key store has multiple certificates you may want to specify the alias of the one you wish to use for each process.  For instance,

ssl-default-alias=Hiroki  (replaces ssl-certificate-alias; the line ssl-certificate-password=changeit was removed)

Example: non-secure cluster communications, secure client/server

...

ssl-enabled-components=server,locator  NOTE: cluster SSL not enabled

ssl-server-certificate-alias=server

ssl-keystore=secure/keystore.dat

...

ssl-enabled-components=locator         NOTE: cluster SSL not enabled

ssl-locator-certificate-alias=locator

ssl-keystore=secure/keystore.dat

...

  1. Should each component have an option to enable/disable ssl-require-authentication? All components except HTTP should generally NOT disable mutual authentication, since doing so would allow unauthenticated servers/clients to connect to the system. This is a security hole that users need to be aware of if they choose to disable mutual authentication.

  2. Most HTTP services, for instance, don't require client authentication.
       Resolution: new setting added: ssl-http-require-authentication
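As an added example (not part of this page or of the project it describes), the Python below resolves the effective SSL settings per component under the properties proposed above and flags the two risks the page names: mutual authentication disabled for a non-http component, and cluster SSL left off while client/server SSL is on. It uses the proposed property names from this page (ssl-enabled-components, ssl-require-authentication, ssl-http-require-authentication, ssl-default-alias, ssl-<component name>-alias); the three sample property texts are constructed for the example, and the "cluster not enabled" finding is informational, mirroring the NOTE in the page's own example.

```python
# Added illustration, not project code: resolve per-component SSL settings
# under the proposed properties and audit them for the risks the page discusses.
from typing import Dict, List, Optional

# Component names listed on the page.
ALL_COMPONENTS = ["cluster", "server", "gateway", "locator", "http", "jmx"]

# Constructed sample configuration: mutual authentication switched off everywhere.
WEAK_PROPERTIES = """
ssl-enabled-components=all
ssl-keystore=secure/keystore.dat
ssl-default-alias=Hiroki
# Turning this off exposes every non-http component to unauthenticated peers.
ssl-require-authentication=false
ssl-http-require-authentication=false
"""

# Constructed sample configuration: only the REST/http endpoint relaxes mutual auth.
HARDENED_PROPERTIES = """
ssl-enabled-components=all
ssl-keystore=secure/keystore.dat
ssl-default-alias=Hiroki
ssl-require-authentication=true
ssl-http-require-authentication=false
ssl-jmx-alias=jmx
"""

# Constructed to mirror the page's "non-secure cluster, secure client/server" example.
CLIENT_SERVER_ONLY_PROPERTIES = """
ssl-enabled-components=server,locator
ssl-server-alias=server
ssl-default-alias=Hiroki
ssl-keystore=secure/keystore.dat
"""


def parse_properties(text: str) -> Dict[str, str]:
    """Minimal Java .properties reader: key=value per line, '#'/'!' comments and blanks skipped."""
    props: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def enabled_components(props: Dict[str, str]) -> List[str]:
    """Expand ssl-enabled-components; the keyword 'all' selects every component."""
    names = [n.strip() for n in props.get("ssl-enabled-components", "").split(",") if n.strip()]
    if "all" in names:
        return list(ALL_COMPONENTS)
    return [n for n in names if n in ALL_COMPONENTS]


def as_bool(value: Optional[str], default: bool) -> bool:
    """Property values are strings; an absent key falls back to the documented default."""
    return default if value is None else value.strip().lower() == "true"


def effective_ssl(props: Dict[str, str]) -> Dict[str, Dict[str, object]]:
    """Per enabled component: the keystore alias in use and whether mutual auth is required.

    ssl-<component>-alias overrides ssl-default-alias; None means "first cert in keystore".
    http follows ssl-http-require-authentication (default false); every other
    component follows ssl-require-authentication (default true).
    """
    default_alias = props.get("ssl-default-alias") or None
    require_all = as_bool(props.get("ssl-require-authentication"), True)
    require_http = as_bool(props.get("ssl-http-require-authentication"), False)
    effective: Dict[str, Dict[str, object]] = {}
    for comp in enabled_components(props):
        effective[comp] = {
            "alias": props.get(f"ssl-{comp}-alias") or default_alias,
            "require_authentication": require_http if comp == "http" else require_all,
        }
    return effective


def audit(props: Dict[str, str]) -> List[str]:
    """Report mutual auth disabled off-http, and cluster traffic left without SSL."""
    findings: List[str] = []
    effective = effective_ssl(props)
    for comp, settings in effective.items():
        if comp != "http" and not settings["require_authentication"]:
            findings.append(f"{comp}: mutual SSL authentication disabled")
    if effective and "cluster" not in effective:
        findings.append("cluster: SSL not enabled for peer-to-peer traffic")
    return findings


if __name__ == "__main__":
    for name, text in [("weak", WEAK_PROPERTIES), ("hardened", HARDENED_PROPERTIES),
                       ("client/server only", CLIENT_SERVER_ONLY_PROPERTIES)]:
        print(name, audit(parse_properties(text)) or ["no findings"])
```

Running it reports five disabled-mutual-auth findings for the weak configuration (every component except http), nothing for the hardened one, and only the cluster note for the client/server-only layout, which is exactly the distinction items 1 and 2 above draw.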