This is an automated email from the ASF dual-hosted git repository.
dbarnes pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/geode-native.git
The following commit(s) were added to refs/heads/develop by this push:
new 6aede67 GEODE-4728: Docs - SSL configuration
6aede67 is described below
commit 6aede67c20ea1856e2d545ad512a424787a5daee
Author: Dave Barnes <[email protected]>
AuthorDate: Thu May 10 10:57:25 2018 -0700
GEODE-4728: Docs - SSL configuration
---
.../configuring/sysprops.html.md.erb | 18 ++++----------
.../security/sslclientserver.html.md.erb | 28 +++++++++-------------
2 files changed, 16 insertions(+), 30 deletions(-)
diff --git a/docs/geode-native-docs/configuring/sysprops.html.md.erb
b/docs/geode-native-docs/configuring/sysprops.html.md.erb
index 66e950c..1bf3fff 100644
--- a/docs/geode-native-docs/configuring/sysprops.html.md.erb
+++ b/docs/geode-native-docs/configuring/sysprops.html.md.erb
@@ -245,6 +245,8 @@ When the chunk handler is not operative
(enable-chunk-handler=false), each appli
The table describes the security-related system properties for native client
authentication and authorization.
+See [SSL Client/Server Communication](../security/sslclientserver.html).
+
<table>
<caption><span class="tablecap">System Properties for Client Authentication
and Authorization</span></caption>
<thead>
@@ -272,7 +274,7 @@ The table describes the security-related system properties
for native client aut
</tr>
<tr class="even">
<td><code class="ph codeph">security-client-kspath</code></td>
-<td>Path to a .pem file, which contains the public certificates for all Geode
cache servers to which the client can connect through specified endpoints.</td>
+<td>Path to a .PEM file, which contains the public certificates for all Geode
cache servers to which the client can connect through specified endpoints.</td>
<td>null</td>
</tr>
<tr class="odd">
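Review bot: Style point on the `security-client-kspath` description: ".PEM file" mixes the format name with the extension. PEM is the format and `.pem` is the usual extension, so write either "PEM file" or "`.pem` file". The same wording is introduced in the `ssl-keystore-password` row further down, so whichever form is chosen should be used in both places.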
@@ -280,11 +282,6 @@ The table describes the security-related system properties
for native client aut
<td>Password for the public key file store on the client.</td>
<td></td>
</tr>
-<tr class="even">
-<td><code class="ph codeph">security-keystorepath</code></td>
-<td>Path to the public keystore.</td>
-<td></td>
-</tr>
<tr class="odd">
<td><code class="ph codeph">security-alias</code></td>
<td>Alias name for the key in the keystore.</td>
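Review bot: Deleting the `security-keystorepath` row leaves the `security-alias` description ("Alias name for the key in the keystore.") pointing at a keystore that no remaining row in this part of the table locates. Either reword that description to say which property supplies the keystore, or drop the alias row too if it went away with the path. The deletion also leaves two adjacent `<tr class="odd">` rows (the password row above and `security-alias`), so the striping classes need to be re-alternated from here down.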
@@ -295,14 +292,9 @@ The table describes the security-related system properties
for native client aut
<td>Sets the password for the password-protected keystore.</td>
<td></td>
</tr>
-<tr>
-<td><code class="ph codeph">ssl-cipher</code></td>
-<td>List of SSL ciphers in the form of a comma-separated list.</td>
-<td>"any"</td>
-</tr>
<tr class="odd">
<td><code class="ph codeph">ssl-enabled</code></td>
-<td>True if ssl connection support is enabled.</td>
+<td>True if SSL connection support is enabled.</td>
<td>empty</td>
</tr>
<tr class="even">
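Review bot: The `ssl-cipher` row is removed with no replacement, and the commit message does not say whether the property is gone from the client or only from the documentation. If a client can still restrict cipher suites, the table should keep a row for that setting under its correct name; if it cannot, the SSL page should say that cipher selection is not configurable on the client. While the `ssl-enabled` row is being touched, its default of "empty" could also state whether that means SSL is off.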
@@ -312,7 +304,7 @@ The table describes the security-related system properties
for native client aut
</tr>
<tr class="odd">
<td><code class="ph codeph">ssl-keystore-password</code></td>
-<td>Sets the password for the private key PEM file for SSL.</td>
+<td>Sets the password for the private key .PEM file for SSL.</td>
<td>null</td>
</tr>
<tr class="even">
diff --git a/docs/geode-native-docs/security/sslclientserver.html.md.erb
b/docs/geode-native-docs/security/sslclientserver.html.md.erb
index ac9e48f..a9785a0 100644
--- a/docs/geode-native-docs/security/sslclientserver.html.md.erb
+++ b/docs/geode-native-docs/security/sslclientserver.html.md.erb
@@ -68,21 +68,15 @@ where _jdk-or-jre-path_ is the directory in which Java is
installed.
## Step 3. Configure SSL properties in client and server properties files
Configure SSL properties. For details on the SSL properties available, see
"Managing > Security >
-SSL > Configuring SSL" in the server User Guide.
+SSL > Configuring SSL" in the [_<%=vars.product_name%> User's
Guide_](/serverman/about_<%=vars.product_name.downcase%>.html).
-On the client, the list of enabled components reflects the server’s
configuration so the client
-knows how it is expected to communicate with (for example) servers and
locators. Paths to keystore
-and truststore are local to the client.
+1. On the client, set `ssl-keystore` and `ssl-truststore` to point to your
keystore files. Paths to the keystore and truststore are local to the client.
+See [Security-Related System Properties](security-systemprops.html#security)
for a description of these properties.
-1. In your client properties file (usually `gemfire.properties`), set
`ssl-enabled-components` to appropriate values (for example, `server,locator`)
and set `ssl-keystore` and `ssl-truststore` to point to your keystore files.
See [Security-Related System Properties
(gemfire.properties)](security-systemprops.html#security) for a description of
these properties.
-2. On each locator, enable SSL and set the following SSL properties in the
locator’s properties file (usually `gemfire.properties`, but on the locator's
host):
+1. On the client, set `ssl-enabled` to `true`.
- ```
- ssl-enabled-components=server,locator
- ssl-protocols=any
- ssl-ciphers=SSL_RSA_WITH_NULL_SHA
- ```
- Make sure your choice of cipher matches a cipher supported on the server.
+1. On the server, enable SSL for the `locator` and `server` components, as
the SSL-enabled client
+must be able to communicate with both locators and servers.
# Starting and stopping the client and server with SSL in place
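Review bot: The third step of the new list ("On the server, enable SSL for the `locator` and `server` components") no longer names the property that does this, whereas the removed text gave `ssl-enabled-components=server,locator`. Name the property in that step or link it directly to the server guide section. Dropping the `ssl-ciphers=SSL_RSA_WITH_NULL_SHA` sample is welcome, since that suite provides no encryption, but with `ssl-protocols` and `ssl-ciphers` both gone the page gives no guidance on protocol or cipher selection; a sentence pointing to where those are set on the server would close the gap.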
@@ -99,28 +93,28 @@ For details on stopping and starting locators and cache
servers with SSL, see [S
**Example locator start command**
-Ensure that all required SSL properties are configured in your server's
`gemfire.properties` file. Then start your locator as follows:
+Ensure that all required SSL properties are configured in your server's
`geode.properties` file. Then start your locator as follows:
``` pre
gfsh>start locator --name=my_locator --port=12345 --dir=. \
---security-properties-file=/path/to/your/gemfire.properties
+--security-properties-file=/path/to/your/geode.properties
```
**Example locator stop command**
``` pre
gfsh>stop locator --port=12345 \
---security-properties-file=/path/to/your/gemfire.properties
+--security-properties-file=/path/to/your/geode.properties
```
**Example server start command**
-Again, ensure that all required SSL properties are configured in
`gemfire.properties`. Then start the server with:
+Again, ensure that all required SSL properties are configured in
`geode.properties`. Then start the server with:
``` pre
gfsh>start server --name=my_server --locators=hostname[12345] \
--cache-xml-file=server.xml --log-level=fine \
---security-properties-file=/path/to/your/gemfire.properties
+--security-properties-file=/path/to/your/geode.properties
```
**Example server stop command**
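Review bot: The rename to `geode.properties` in this hunk applies to the file handed to gfsh for locators and servers, while the other changes in this commit concern client properties. Because every command passes the path explicitly through `--security-properties-file`, the prose ("your server's `geode.properties` file") could instead say "your server's properties file" and avoid implying a server-side file name that the server guide may not use. Please confirm the name matches the server documentation before merging.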