Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: changed 'http' component to 'web'

...

  1. there is a single set of configuration options for SSL keystore, truststore, protocols and cipher-suites

  2. a new "locator" component be added to the mix of cluster, server, http web and gateway components for SSL configuration

  3. SSL can be enabled for all components or for selected components

  4. Each component can be assigned an alias for certificate lookup in the key store.  If an alias is not assigned to a component it will use the default certificate in the key store.
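Review bot: item 2 names cluster, server, web and gateway as the existing components that the new locator component joins, but the allowed-values list further down this page also includes jmx; the proposal should list jmx here as well so the full set of SSL-configurable components is stated once. Item 4 should also say which of "no alias assigned" and "the default certificate" is controlled by the ssl-default-alias option described below, rather than leaving the fallback implicit.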

...

ssl-enabled-components=[all, cluster, server, gateway, locator, httpweb, jmx]

all = any component being used will have SSL enabled

...

locator = communication between locators

http = hypertext transport protocol web = web-based communication

jmx = java management extension communications
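Review bot: the value list `[all, cluster, server, gateway, locator, web, jmx]` mixes the keyword all with individual component names without saying whether they may be combined; state that all is exclusive (or that a comma-separated list of components is accepted) and what happens if all is given together with other names. The locator entry is defined only as "communication between locators", which leaves unclear whether client-to-locator and server-to-locator traffic falls under locator, server, or cluster.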

...

ssl-require-authentication=[true,false] (default "true")  – all component except http web will be goverend by this setting

ssl-httpweb-require-authentication=[true,false] (default "false") – the http web service (REST) can disable/enable mutual SSL authentication, due to the nature of how users use HTTPthe web.

ssl-default-alias=[empty,string] (default - use first cert in keystore)
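Review bot: ssl-require-authentication defaults to true and is described as governing all components except web, while ssl-web-require-authentication defaults to false; an operator who sets only the global option could reasonably assume the REST endpoint is also mutually authenticated. Suggest repeating the web exception in the ssl-require-authentication description itself and stating that the two settings are independent. For ssl-default-alias, "use first cert in keystore" is ambiguous because the page defines no ordering for keystore entries; say which entry is chosen, or require the alias whenever the keystore holds more than one.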

...

  1. Should each component have an option to enable/disable ssl-require-authentication? All components except HTTP web should generally NOT disable mutual authentication. This would promote non-authenticated servers/clients connecting to the system. This is a security hole that we need the user to be aware of if they want to disable mutual authentication.

  2. Most HTTP web services, for instance, don't require client authentication.    Resolution: new setting added.... ssl-httpweb-require-authentication
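Review bot: item 1 raises whether each component should be able to disable mutual authentication and argues that only web should, but no resolution is recorded for it, whereas item 2 records ssl-web-require-authentication as its resolution. Suggest adding the decision for item 1 (per-component toggles rejected in favour of the single web exception) and where the user-facing warning about disabling mutual authentication will appear, so the security rationale stated here is carried into the documented behaviour.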