geode-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dbar...@apache.org
Subject geode-native git commit: GEODE-2486 Developer can use encrypted ciphers. Remove an obsolete file, add a copyright header to a new file.
Date Fri, 24 Feb 2017 23:23:04 GMT
Repository: geode-native
Updated Branches:
  refs/heads/develop aeba76554 -> 98b69468f


GEODE-2486 Developer can use encrypted ciphers. Remove an obsolete file, add a copyright header
to a new file.


Project: http://git-wip-us.apache.org/repos/asf/geode-native/repo
Commit: http://git-wip-us.apache.org/repos/asf/geode-native/commit/98b69468
Tree: http://git-wip-us.apache.org/repos/asf/geode-native/tree/98b69468
Diff: http://git-wip-us.apache.org/repos/asf/geode-native/diff/98b69468

Branch: refs/heads/develop
Commit: 98b69468f7093c38f357ca671fd08711390020c0
Parents: aeba765
Author: Dave Barnes <dbarnes@pivotal.io>
Authored: Fri Feb 24 15:23:02 2017 -0800
Committer: Dave Barnes <dbarnes@pivotal.io>
Committed: Fri Feb 24 15:23:02 2017 -0800

----------------------------------------------------------------------
 .../security/ssl-setup.html.md.erb              | 136 -------------------
 .../security/sslclientserver.html.md.erb        |  17 +++
 2 files changed, 17 insertions(+), 136 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/geode-native/blob/98b69468/docs/geode-native-docs/security/ssl-setup.html.md.erb
----------------------------------------------------------------------
diff --git a/docs/geode-native-docs/security/ssl-setup.html.md.erb b/docs/geode-native-docs/security/ssl-setup.html.md.erb
deleted file mode 100644
index aba5c69..0000000
--- a/docs/geode-native-docs/security/ssl-setup.html.md.erb
+++ /dev/null
@@ -1,136 +0,0 @@
----
-title:  Set Up OpenSSL
----
-
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements.  See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License.  You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-
-The open-source OpenSSL toolkit provides a full-strength general purpose cryptography library
to operate along with the PKCS sample implementation for encrypted authentication of native
client credentials.
-
-Follow these instructions to download and install OpenSSL for your specific operating system.
-
-The native client requires OpenSSL 1.0.1t or later. For Windows platforms, you can use either
the regular or the OpenSSL 1.0.1t "Light" version.
-
-**Note:**
-If you use Cygwin, it is recommended that you do not use the OpenSSL library that comes with
Cygwin because it is built with `cygwin.dll` as a dependency.
-
-## Step 1. Download and install OpenSSL
-
-### <a id="security__section_5C95C2E4D9244B27BF8FD178E402D993" class="no-quick-link"></a>Linux
-
-Download the OpenSSL tarball archive from the OpenSSL web site at [http://www.openssl.org/source/](http://www.openssl.org/source/).
Copy the downloaded tarball file into `NativeClient_xxxx/templates/security/openssl/Linux`
and run `buildit.sh`.
-
-### <a id="security__section_93651F296C1A4EA5A3FA045EC15FB506" class="no-quick-link"></a>Solaris
-
-Download the OpenSSL tarball archive from the OpenSSL web site at [http://www.openssl.org/source/](http://www.openssl.org/source/).
Copy the downloaded tarball file into `NativeClient_xxxx/templates/security/openssl/SunOS`
and run `buildit.sh`.
-
-### <a id="security__section_68961A8829D44BFB8F542F3317464E5E" class="no-quick-link"></a>Windows
-
-Download the installer for OpenSSL from [http://www.openssl.org/related/binaries.html](http://www.openssl.org/related/binaries.html).
You can also use the OpenSSL "Light" version.
-
-Use the downloaded OpenSSL installer to install it on Windows. You can usually accept the
default installation path (`C:\OpenSSL`).
-
-
-## Step 2. Create keystores
-
-The Geode server requires keys and keystores in the Java Key Store (JKS) format while the
native client requires them in the clear PEM format. Thus you need to be able to generate
private/public keypairs in either format and convert between the two using the `keytool` utility
and the `openssl` command.
-
-There are public third party free tools and source code available to download such as the
"KeyTool IUI" tool.
-
-
-## Step 3. Configure environment variables
-
-Configure your system environment to build and run OpenSSL. Follow the environment setup
that applies to your operating system.
-
-### <a id="security__section_6C173D0D8C8343EA92961C954032E2CA" class="no-quick-link"></a>Bourne
and Korn shells (sh, ksh, bash)
-
-<code>
-% OPENSSL=_parent-folder-for-openssl-binaries_; export OPENSSL<br />
-% GFCPP=_product-dir_; export GFCPP<br />
-% LD\_LIBRARY\_PATH=$LD\_LIBRARY\_PATH:$GFCPP/lib:$GFCPP/ssl\_libs:$OPENSSL/lib<br />
-% export LD\_LIBRARY\_PATH<br />
-% CLASSPATH=$GEMFIRE/lib/gfSecurityImpl.jar:$CLASSPATH
-</code>
-
-### <a id="security__section_76CF86EDC2234BA6BF7DA6E253C71F61" class="no-quick-link"></a>Windows
-
-<code>
-\> set GFCPP=_product-dir_<br />
-\> set OPENSSL=_path-to-installed-openssl_<br />
-\> set PATH=_path-to-jdk-or-jre_\bin;%GFCPP%\bin;%GFCPP%\ssl\_libs;%OPENSSL%\bin;%PATH%<br
/>
-\> set CLASSPATH=_path-to-gemfire-installation_\lib\gfSecurityImpl.jar;%CLASSPATH%
-</code>
-
-where <code>_path-to-installed-openssl_</code> is typically `C:\OpenSSL>`.
-
-## Step 4. Configure SSL properties in gfcpp.properties and gemfire.properties
-
-Configure SSL properties.
-
-1.  In `gfcpp.properties`, set `ssl-enabled` to true and set `ssl-keystore` and `ssl-truststore`
to point to your keystore files. See [Security-Related System Properties (gfcpp.properties)](security-systemprops.html#security)
for a description of these properties.
-2.  On each locator, enable SSL and set the following SSL properties in the locator’s `gemfire.properties`
file:
-
-    ``` pre
-    ssl-enabled-components=server,locator
-    ssl-protocols=any
-    ssl-ciphers=SSL_RSA_WITH_NULL_SHA
-    ```
-
-
-## Step 5. Start and stop the client and server
-
-Before you start and stop the client and server, make sure you configure the native client
with the SSL properties as described and with the servers or locators specified as usual.
-
-Specifically, ensure that:
-
--   OpenSSL and ACE\_SSL `DLL`s locations are in the right environment variables for your
system: `PATH` for Windows, and `LD_LIBRARY_PATH` for Unix.
--   You have generated the keys and keystores.
--   You have set the system properties.
-
-For details on stopping and starting locators and cache servers with SSL, see [Starting Up
and Shutting Down Your System](geodeman/configuring/running/starting_up_shutting_down.html).
-
-**Example locator start command**
-
-Ensure that all required SSL properties are configured in your server's `gfsecurity.properties`
file. Then start your locator as follows:
-
-``` pre
-gfsh>start locator --name=my_locator --port=12345 --dir=. \
---security-properties-file=/path/to/your/gfsecurity.properties
-```
-
-**Example locator stop command**
-
-``` pre
-gfsh>stop locator --port=12345 \
---security-properties-file=/path/to/your/gfsecurity.properties
-```
-
-**Example server start command**
-
-Again, ensure that all required SSL properties are configured in `gfsecurity.properties`.
Then start the server with:
-
-``` pre
-gfsh>start server --name=my_server --locators=hostname[12345] \
---cache-xml-file=server.xml --log-level=fine \
---security-properties-file=/path/to/your/gfsecurity.properties
-```
-
-**Example server stop command**
-
-``` pre
-gfsh>stop server --name=my_server
-```

http://git-wip-us.apache.org/repos/asf/geode-native/blob/98b69468/docs/geode-native-docs/security/sslclientserver.html.md.erb
----------------------------------------------------------------------
diff --git a/docs/geode-native-docs/security/sslclientserver.html.md.erb b/docs/geode-native-docs/security/sslclientserver.html.md.erb
index 2614a46..6fd9ba7 100644
--- a/docs/geode-native-docs/security/sslclientserver.html.md.erb
+++ b/docs/geode-native-docs/security/sslclientserver.html.md.erb
@@ -2,6 +2,23 @@
 title:  SSL Client/Server Communication
 ---
 
+<!--
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+
 This section describes how to configure OpenSSL, implement SSL-based communication between
your clients and servers, and run clients and servers with SSL enabled.
 
 # Set Up OpenSSL


Mime
View raw message