GridServer SSL Implementation


Article ID: KB0074655


Products Versions
TIBCO DataSynapse GridServer 6.3.0, 6.3.1, 7.0.0

Description

The Tomcat bundled with GridServer provides the APR connector, which uses the OpenSSL SSL implementation, and the NIO connector, which can use either the OpenSSL or the JSSE SSL implementation.  The JSSE connector configuration differs from the default server.xml connector configuration.  This article outlines the required configuration changes.

Issue/Introduction

How to configure GridServer to use JSSE SSL implementation instead of OpenSSL

Resolution

The JSSE implementation is configured with a keystore instead of a crt/key combination.  The GridServer documentation covers the SSL configuration using the crt/key combination.  The crt/key combination can be converted to a keystore.

For example, use the following command (more information can be found in the Tomcat SSL guides):

openssl pkcs12 -export -in server.crt -inkey server.key -out keystore.p12 -name server


GS 6.3.1 uses the NIO Connector by default with the JSSE implementation.  This configuration should also work for GS 6.3.0 and GS 7.0.0.  The default JSSE and OpenSSL connector configurations are listed below.

Additional Information

OpenSSL SSL Connector

<Connector port="8443"
    enableLookups="false"
    SSLEnabled="true"
    scheme="https"
    secure="true"
    SSLProtocol="TLSv1.1"
    SSLCertificateFile="${catalina.base}/certs/server.crt"
    SSLCertificateKeyFile="${catalina.base}/certs/server.key"
    maxThreads="300"
/>

JSSE SSL Connector

<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
    sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
    keystoreFile="${catalina.base}/certs/server.keystore"
    port="8443"
    SSLEnabled="true"
    scheme="https"
    secure="true"
    maxThreads="100"
    SSLPassword="changeit"
/>
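
A pre-deployment check for the two connector styles listed above, as an added example that is not part of the original article or of GridServer. It assumes the connectors are read from a server.xml-style document; the wrapping <Service> element, the audit() function and the finding texts are constructed for illustration, and the attribute names are standard Tomcat connector attributes.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the two connectors from this article inside a root element.
SAMPLE = """<Service>
  <Connector port="8443" enableLookups="false" SSLEnabled="true"
      scheme="https" secure="true" SSLProtocol="TLSv1.1"
      SSLCertificateFile="${catalina.base}/certs/server.crt"
      SSLCertificateKeyFile="${catalina.base}/certs/server.key"
      maxThreads="300" />
  <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
      sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
      keystoreFile="${catalina.base}/certs/server.keystore"
      port="8443" SSLEnabled="true" scheme="https" secure="true"
      maxThreads="100" SSLPassword="changeit" />
</Service>"""

DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996
PROTOCOL_ATTRS = ("SSLProtocol", "sslProtocol", "sslEnabledProtocols")
PASSWORD_ATTRS = ("SSLPassword", "keystorePass", "keyPass")


def audit(server_xml):
    """Return (connector index, finding) pairs for each SSL-enabled Connector."""
    findings = []
    connectors = ET.fromstring(server_xml).iter("Connector")
    for idx, conn in enumerate(connectors, start=1):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        protos = [conn.get(a) for a in PROTOCOL_ATTRS if conn.get(a)]
        if not protos:
            findings.append((idx, "no protocol attribute: implementation defaults apply"))
        for value in protos:
            # APR lists protocols with '+', JSSE with ','.
            weak = DEPRECATED & set(re.split(r"[,+\s]+", value))
            if weak:
                findings.append((idx, "deprecated protocol enabled: " + ", ".join(sorted(weak))))
        for attr in PASSWORD_ATTRS:
            if conn.get(attr) == "changeit":
                findings.append((idx, attr + " is the default 'changeit'"))
        jsse = conn.get("sslImplementationName", "").endswith("JSSEImplementation")
        if jsse and not conn.get("keystoreFile"):
            findings.append((idx, "JSSE connector has no keystoreFile"))
    return findings


if __name__ == "__main__":
    for idx, finding in audit(SAMPLE):
        print(f"connector {idx}: {finding}")
```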