Welcome to the new Gigaspaces XAP forum. To recover your account, please follow these instructions.

Ask Your Question
0

SSL encrypted space - how?

I am trying to set up our primary-backup clustered space to be SSL encrypted, plus encrypting the connections from clients connecting to the space. Unfortunately, the documentation is sketchy on how to do this. We are using EDG 6.5 and not XAP, thus we have separate clients in their own JVM using IJSpace calls to talk with the space.

http://www.gigaspaces.com/wiki/display/GS/SpaceSSLEncryption detail how to enable SSL encryption for the space. When I follow this method, the log output is different than running without SSL enabled, such as there are no replication and active_election logs. There are no error messages. (assume it's working?) The space does not show up in the GigaSpaces Management Center EDG 6.5.1 ga Edition, but I can see the group in the Discovery Group settings. I guess if I can set the keystore and keystore password it would work, but how?

I've tried setting javax.net.ssl.trustStore, javax.net.ssl.keystore, and javax.net.ssl.keyStorePassword. But that doesn't work. Same for our clients. How do I enable my clients to connect to my SSL encrypted clustered space?

http://www.gigaspaces.com/wiki/display/XAP66/SSLEncryptionSupport has some new SSL Encryption info for 6.6 (and it says 6.5 also). I've tried that without luck either.

I've retried generating new certificates/etc with new keystore/truststores without luck.

What is the proper and preferred method to SSL encrypt the clustered space and the connects to the space from our clients?

Thanks in advance,
Bill

Attachments

  1. ssl.rar

This thread was imported from the previous forum.
For your reference, the original is available here

asked 2008-10-03 13:20:39 -0500

wgreene9617's avatar

updated 2013-08-08 09:52:00 -0500

jaissefsfex's avatar
edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
0

The SSLFilterFactory with 6.6 should work.
We did had issues with SSL with previous versions.
Can you provide details about the problems you face when using 6.6 ?
Shay

answered 2008-10-03 13:44:19 -0500

shay hassidim's avatar
edit flag offensive delete link more

Comments

We are running 6.5 and not 6.6. Setting com.gs.lrmi.filter.* properties does not seem to have an effect.

wgreene9617's avatar wgreene9617  ( 2008-10-06 10:42:55 -0500 )edit

Hi,

Can you please move to 6.6, which is fully compatible with 6.5 - the new filter based SSL implementation is part of 6.6.

Thanks,
Guy

nirpaz's avatar nirpaz  ( 2008-10-06 11:05:19 -0500 )edit

Ok, we've moved to XAP 6.6. The lrmi.filter properties work for running our space and clients SSL encrypted.

Thanks, Bill

wgreene9617's avatar wgreene9617  ( 2008-10-08 10:40:04 -0500 )edit
0

Hi Bill. I prepared a small sample of space and client that use SSL. Please follow the instructions in the ReadMe.txt file. It is important to set the SSL system properties.

Please note that SSL or any other communication filter is enable/disable at JVM level and that any other process that wish to communicate with space that using SSL should use SSL as well. this includes clients of any kind and lookup services.

I added the attache file to the WIKI as well.

Please let me know if you having more problems with this issue.

Thanks. Barak. h4. Attachments

[ssl.rar|/upfiles/1375971519849944.txt]

answered 2008-10-05 07:39:06 -0500

barak's avatar
edit flag offensive delete link more

Comments

This is a snipit of the console log when running SSLServer. I output the properties first just to be sure they are there. But as you can see I'm not getting any information in the System Environment summary mentioning the SSLFilterFactory. Is the example you have me for Gigaspaces 6.6 and not 6.5? We are running 6.5.

com.gs.lrmi.filter.factory = com.gigaspaces.lrmi.nio.filters.SSLFilterFactory com.gs.lrmi.filter.security.keystore = /Users/billg/Development/Gigaspaces/keystore.ks com.gs.lrmi.filter.security.password = password Oct 6, 2008 11:27:04 AM INFO [com.gigaspaces.container]:

System Environment: System: OS Version: 10.5.5 Architecture: i386 OS Name: Mac OS X Number Of Processors: 2 J2SE Support: VM Vendor: Apple Inc. Using Java Home: /System/Library/Frameworks/JavaVM.framework/Versions/1.5.0/Home Java(TM) 2 Runtime Environment, Standard Edition Java HotSpot(TM) Client VM (build 1.5.0_16-133 ) JVM Memory: Max Heap Size (KB): 65088 Current Allocated Heap Size (KB): 1128 Network Interfaces Information: Host Name: [ drwho.cipheroptics.com ] Network Interface Name: vmnet1 / vmnet1 IP Address: 172.16.175.1 Network Interface Name: vmnet8 / vmnet8 IP Address: 172.16.69.1 Network Interface Name: en0 / en0 IP Address: 192.168.1.109 IP Address: fe80:0:0:0:21b:63ff:fe93:5430%4 Network Interface Name: lo0 / lo0 IP Address: 127.0.0.1 IP Address: 0:0:0:0:0:0:0:1 IP Address: fe80:0:0:0:0:0:0:1%1 GigaSpaces Platform: Edition: EDG 6.5.0 ga Build: 2352 Jar Spec: 1.5 Home: /Users/billg/Documents/workspace/DeepSpace/tools/GigaSpaces/

wgreene9617's avatar wgreene9617  ( 2008-10-06 10:39:04 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2008-10-03 13:20:39 -0500

Seen: 223 times

Last updated: Oct 05 '08