BigMemory Max 4.3.5: Cross-Language Clients User Guide

Security Between Connector and Client
Security between the CL Connector and the BigMemory Client
To set up SSL security between the CL Connector and the BigMemory Client, ensure that the following configuration is in place:
1. The CL Connector's tc-config.xml must contain the necessary security references:
* An L2 keystore with the certificate
* An L2 keychain to open the keystore
* An authentication file, with the user for the CL Connector
For an example tc-config.xml, refer to the configuration example in the BigMemory Max Security Guide.
2. The TSA security files must be in the correct location.
If your tc-config.xml file references relative paths, the security files must be located correctly. For example, if your path is <url>file:keys/keyChain-relative.key</url>, the files must be in the keys subdirectory under the Terracotta server installation.
3. The CL Connector username and password must be the same as those stored in the TSA's auth file.
The username is stored in the CL Connector's ehcache.xml file, for example:
<!-- non-secured: -->
<terracottaConfig url="localhost:9510"/>

<!-- secured: -->
<terracottaConfig url="admin@localhost:9510"/>
The password is stored in the CL Connector's keychain, and the keychain location can be given through a system property. For example:
-Dcom.tc.security.keychain.url=file:/path/to/CrossLanguage/keys/l1keychain.key
4. The cross-lang-config.xml file must indicate the truststore and keystore of the CL Connector:
<?xml version="1.0"?>
<xplatform xmlns="http://www.ehcache.org/xplatform"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation=
        "http://www.ehcache.org/xplatform ../../main/xsd/xplatform.xsd">

    <bind ip="*" port="8199" type="nirvana"/>

    <secureinterface>
        <keystore location="/path/to/CL-keystore.jks"/>
        <truststore location="/path/to/CL-truststore.jks" password="123"/>
    </secureinterface>

</xplatform>
The keystore contains the certificate for the security between the BigMemory Client and the CL Connector. The truststore contains the certificate of the TSA, that is, it holds the list of trusted parties you intend to communicate with.
5. Depending upon your security setup, you may need to start the CL Connector with some of the following system properties:
-Dcom.tc.security.keychain.url=file:/path/to/CrossLanguage/keys/l1keychain.key
-DSecretProvider.secret=secret
-Djavax.net.ssl.trustStore=keys/CL-truststore.jks
-Djavax.net.ssl.trustStorePassword=password
-Dtc.ssl.trustAllCerts=true
-Dtc.ssl.disableHostnameVerifier=true
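
An added example, not part of the Terracotta documentation: a small Python audit that checks the JVM properties from step 5, the cross-lang-config.xml from step 4 and the terracottaConfig url from step 3 for settings that weaken the secured setup, such as certificate checks switched off or secrets placed on the command line. The function names, finding texts and sample inputs are constructed for illustration.

```python
import shlex
import xml.etree.ElementTree as ET
NS = {"x": "http://www.ehcache.org/xplatform"}
# Step 5 properties that switch off a TLS check when set to "true".
TLS_BYPASS = {
    "tc.ssl.trustAllCerts": "peer certificate chain is not validated",
    "tc.ssl.disableHostnameVerifier": "hostname is not matched to the certificate",
}
# Step 5 properties whose value is a secret readable from the process list.
SECRET_PROPS = {"SecretProvider.secret", "javax.net.ssl.trustStorePassword"}

def parse_jvm_props(cmdline):
    """Return {name: value} for each -Dname=value token of a JVM command line."""
    props = {}
    for tok in shlex.split(cmdline):
        if tok.startswith("-D"):
            name, _, value = tok[2:].partition("=")
            props[name] = value
    return props

def audit(cmdline, xplatform_xml, terracotta_url):
    """Return sorted findings for one CL Connector configuration."""
    findings = []
    props = parse_jvm_props(cmdline)
    for name, why in TLS_BYPASS.items():
        if props.get(name, "").lower() == "true":
            findings.append(f"{name}=true: {why}")
    for name in sorted(SECRET_PROPS & props.keys()):
        findings.append(f"{name}: secret passed on the command line")
    root = ET.fromstring(xplatform_xml)
    if root.find("x:secureinterface", NS) is None:
        findings.append("cross-lang-config.xml: no <secureinterface> element")
    for el in root.iter():  # any element carrying a password attribute
        if el.get("password"):
            tag = el.tag.rpartition("}")[2]  # strip the namespace prefix
            findings.append(f"{tag}: password stored in plaintext attribute")
    if "@" not in terracotta_url:
        findings.append("terracottaConfig url: no user, non-secured form")
    return sorted(findings)

# Constructed sample input, modelled on the snippets in steps 3 to 5.
SAMPLE_CMD = ("-Dcom.tc.security.keychain.url=file:/path/to/keys/l1keychain.key "
              "-DSecretProvider.secret=secret -Dtc.ssl.trustAllCerts=true")
SAMPLE_XML = """<xplatform xmlns="http://www.ehcache.org/xplatform">
  <secureinterface>
    <keystore location="/path/to/CL-keystore.jks"/>
    <truststore location="/path/to/CL-truststore.jks" password="123"/>
  </secureinterface>
</xplatform>"""
```

Calling `audit(SAMPLE_CMD, SAMPLE_XML, "localhost:9510")` returns four findings; a setup with neither bypass property set to true, no secrets on the command line, no password attributes and a `user@host` url returns an empty list.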
