Adding SSL
In an environment where connections might be intercepted, or a higher level of authentication is required, adding SSL provides encryption. SSL should be used to enhance basic security.
To add SSL to BigMemory Max, see the BigMemory Max Security Guide.
To add SSL to BigMemory Go
1. Enable SSL on the REST service by setting the managementRESTService element's sslEnabled attribute to "true" in the managed agent's configuration:
<ehcache ...>
...
<managementRESTService enabled="true"
securityServiceLocation="https://localhost:9889/tmc/api/assertIdentity"
sslEnabled="true" />
...
</ehcache>
2. Provide an identity store for the managed agent either at the default location, ${user.home}/.tc/mgmt/keystore, or by setting the store's location with the system property javax.net.ssl.keyStore.
The identity store is where the server-authentication certificate is stored. If the identity store cannot be found, the managed agent fails at startup.
3. Add a password for the managed agent's identity store to its keychain.
The password must be keyed with the identity-store file's URI. Alternatively, set the password with the system property javax.net.ssl.keyStorePassword. If no password is found, the managed agent fails at startup.
4. The JVM running the TMS must have the same server-authentication certificate in one of the following locations:
The default truststore for the JVM (typically the cacerts file)
${user.home}/.tc/mgmt/tms-truststore A location configured with the system property
javax.net.ssl.trustStoreIf a truststore was already set up for the TMS and it contains the required public key, skip this step. For information about setting up the truststore, see
Setting Up a Truststore.
5. If a custom truststore (not cacerts) is designated for the TMS, the truststore password must be included in the TMS keychain.
The password must be keyed with the truststore file's URI. Alternatively, set the password with the system property javax.net.ssl.trustStorePassword.