How to Enable SSL Securing on the Client
Terracotta clients do not require any specific configuration to enable SSL connections to a Terracotta Server Array.
Note:
Script names in the examples given below are for UNIX and Linux systems. Equivalent scripts are available for Microsoft Windows in the same locations. Replace the .sh extension with .bat and convert the path delimiters as appropriate.
To enable SSL security on the client:
Prepend the client username to the address used by the client to connect to the cluster.
This should be the username that will be authenticated followed by an "at" sign ("@") and the address of an active server running in secure mode. The format is <client-username>@<host>:<tsa-port>. Prepending the username automatically causes the client to initiate an SSL connection.
If the client has username client1, for example, and attempts to connect to the server in the configuration example, the address would be:
client1@172.16.254.1:9510
This URI replaces the address <host>:<tsa-port> used to start clients in non-SSL clusters.
The client credentials must be associated with the role "terracotta" or "admin".
If Terracotta servers are using self-signed certificates (not certificates signed by a well-known CA), then you must
specify a truststore for the client that contains the public key of every server in the cluster.