<html>
<head>
    <base href="https://docs.jboss.org/author">
            <link rel="stylesheet" href="/author/s/en/2172/19/5/_/styles/combined.css?spaceKey=TEIID&amp;forWysiwyg=true" type="text/css">
    </head>
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
    <h2><a href="https://docs.jboss.org/author/display/TEIID/SSL+Client+Connections">SSL Client Connections</a></h2>
    <h4>Page <b>edited</b> by             <a href="https://docs.jboss.org/author/display/~shawkins">Steven Hawkins</a>
    </h4>
        <br/>
                         <h4>Changes (1)</h4>
                                 
    
<div id="page-diffs">
                    <table class="diff" cellpadding="0" cellspacing="0">
    
            <tr><td class="diff-snipped" >...<br></td></tr>
            <tr><td class="diff-unchanged" > <br># <br></td></tr>
            <tr><td class="diff-added-lines" style="background-color: #dfd;"># The key password(not required, used if the key password is different than the keystore password) <br># <br> <br>#org.teiid.ssl.keyPassword= <br> <br># <br></td></tr>
            <tr><td class="diff-unchanged" ># The classpath or filesystem location of the <br># trust store. <br></td></tr>
            <tr><td class="diff-snipped" >...<br></td></tr>
    
            </table>
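<p>Review bot: The added comment for org.teiid.ssl.keyPassword runs "password(not required" together without a space and never says what the client does when the property is left commented out. Add the space and state the fallback outright in the comment, so a reader configuring 2-way SSL knows whether the keystore password is reused for the key. A note that this value sits in a plain-text file on the classpath would also help.</p>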
    </div>                            <h4>Full Content</h4>
                    <div class="notificationGreySide">
        <h1><a name="SSLClientConnections-ClientSSLSettings"></a>Client SSL Settings</h1>

<p>The following sections define the properties required for each SSL mode. Note that when connecting to a Teiid Server with SSL enabled, you <em>MUST</em> use the <em>"mms"</em> protocol instead of "mm" in the JDBC connection URL, for example:</p>

<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="theme: Confluence; brush: java; gutter: false" style="font-size:12px; font-family: ConfluenceInstalledFont,monospace;">
jdbc:teiid:&lt;myVdb&gt;@mms://&lt;host&gt;:&lt;port&gt;
</pre>
</div></div>

<p>There are two different sets of properties that a client can configure to enable 1-way or 2-way SSL.  See also the <a href="/author/display/TEIID/Teiid+Server+SSL" title="Teiid Server SSL">Teiid Server SSL</a> chapter if you are responsible for configuring the server as well.</p>

<h3><a name="SSLClientConnections-Option1%3AJavaSSLproperties"></a>Option 1: Java SSL properties</h3>

<p>These are the standard Java-defined system properties for configuring SSL under any JVM; Teiid is not unique in its use of SSL. Provide the following system properties to the client VM process.</p>

<div class="code panel" style="border-width: 1px;"><div class="codeHeader panelHeader" style="border-bottom-width: 1px;"><b>1-way SSL</b></div><div class="codeContent panelContent">
<pre class="theme: Confluence; brush: java; gutter: false" style="font-size:12px; font-family: ConfluenceInstalledFont,monospace;">-Djavax.net.ssl.trustStore=&lt;dir&gt;/server.truststore (required)
-Djavax.net.ssl.trustStorePassword=&lt;password&gt; (optional)
-Djavax.net.ssl.keyStoreType=&lt;keystore type&gt; (optional)</pre>
</div></div>
<div class="code panel" style="border-width: 1px;"><div class="codeHeader panelHeader" style="border-bottom-width: 1px;"><b>2-way SSL</b></div><div class="codeContent panelContent">
<pre class="theme: Confluence; brush: java; gutter: false" style="font-size:12px; font-family: ConfluenceInstalledFont,monospace;">-Djavax.net.ssl.keyStore=&lt;dir&gt;/client.keystore (required)
-Djavax.net.ssl.keyStorePassword=&lt;password&gt; (optional)
-Djavax.net.ssl.trustStore=&lt;dir&gt;/server.truststore (required)
-Djavax.net.ssl.trustStorePassword=&lt;password&gt; (optional)
-Djavax.net.ssl.keyStoreType=&lt;keystore type&gt; (optional)</pre>
</div></div>

<h3><a name="SSLClientConnections-Option2%3ATeiidSpecificProperties"></a>Option 2: Teiid Specific Properties</h3>

<p>Use this option for <em>anonymous</em> mode or when the above "javax" based properties are already in use by the host process. For example, your client application may be a Tomcat process that is configured for the https protocol, where the above Java-based properties are already in use and importing Teiid-specific certificate keys into those https certificate keystores is not allowed.</p>

<p>In this scenario, a different set of Teiid-specific SSL properties can be set as system properties or defined inside a "teiid-client-settings.properties" file. A sample file, named "teiid-client-settings.orig.properties", can be found at the root of the "teiid&#45;&lt;version&gt;&#45;client.jar" file. Extract this file, make a copy, change the property values required for the chosen SSL mode, and place the copy in the client application's classpath before the "teiid&#45;&lt;version&gt;&#45;client.jar" file.</p>

<p>SSL properties and definitions that can be set in a "teiid-client-settings.properties" file are shown below.</p>

<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="theme: Confluence; brush: java; gutter: false" style="font-size:12px; font-family: ConfluenceInstalledFont,monospace;">
########################################
# SSL Settings
########################################

#
# The key store type.  Defaults to JKS
#

org.teiid.ssl.keyStoreType=JKS

#
# The key store algorithm, defaults to
# the system property "ssl.TrustManagerFactory.algorithm"
#

#org.teiid.ssl.algorithm=

#
# The classpath or filesystem location of the
# key store.
#
# This property is required only if performing 2-way
# authentication that requires a specific private
# key.
#

#org.teiid.ssl.keyStore=

#
# The key store password (not required)
#

#org.teiid.ssl.keyStorePassword=

#
# The key alias(not required, if given named certificate is used)
#

#org.teiid.ssl.keyAlias=

#
# The key password(not required, used if the key password is different than the keystore password)
#

#org.teiid.ssl.keyPassword=

#
# The classpath or filesystem location of the
# trust store.
#
# This property is required if performing 1-way
# authentication that requires trust not provided
# by the system defaults.
#

#org.teiid.ssl.trustStore=

#
# The trust store password (not required)
#

#org.teiid.ssl.trustStorePassword=

#
# The cipher protocol, defaults to SSLv3
#

org.teiid.ssl.protocol=SSLv3

#
# Whether to allow anonymous SSL
# (the TLS_DH_anon_WITH_AES_128_CBC_SHA cipher suite)
# defaults to true
#

org.teiid.ssl.allowAnon=true
</pre>
</div></div>

<div class="code panel" style="border-width: 1px;"><div class="codeHeader panelHeader" style="border-bottom-width: 1px;"><b>1-way SSL</b></div><div class="codeContent panelContent">
<pre class="theme: Confluence; brush: java; gutter: false" style="font-size:12px; font-family: ConfluenceInstalledFont,monospace;">
org.teiid.ssl.trustStore=&lt;dir&gt;/server.truststore (required)
</pre>
</div></div>

<div class="code panel" style="border-width: 1px;"><div class="codeHeader panelHeader" style="border-bottom-width: 1px;"><b>2-way SSL</b></div><div class="codeContent panelContent">
<pre class="theme: Confluence; brush: java; gutter: false" style="font-size:12px; font-family: ConfluenceInstalledFont,monospace;">
org.teiid.ssl.keyStore=&lt;dir&gt;/client.keystore (required)
org.teiid.ssl.trustStore=&lt;dir&gt;/server.truststore (required)
</pre>
</div></div>

<div class="code panel" style="border-width: 1px;"><div class="codeHeader panelHeader" style="border-bottom-width: 1px;"><b>Anonymous</b></div><div class="codeContent panelContent">
<pre class="theme: Confluence; brush: java; gutter: false" style="font-size:12px; font-family: ConfluenceInstalledFont,monospace;">
org.teiid.ssl.trustStore=NONE
</pre>
</div></div>
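<p>The sample file above documents defaults of SSLv3 and anonymous SSL enabled, so a settings file that simply omits those keys still ends up with them. The following check is an added example, not Teiid project code: it merges a file's contents with the defaults documented on this page and reports which weak settings take effect. The finding codes, function names, sample path and the use of "TLSv1.2" as a protocol value are assumptions made for illustration.</p>

```python
# Added example (not Teiid project code): audit the effective SSL settings of a
# teiid-client-settings.properties file. Finding codes are hypothetical names.

# Defaults as documented in the sample file on this page.
DOCUMENTED_DEFAULTS = {
    "org.teiid.ssl.protocol": "SSLv3",
    "org.teiid.ssl.allowAnon": "true",
}
LEGACY_PROTOCOLS = {"sslv2", "sslv3"}  # SSLv3 is prohibited by RFC 7568


def parse_properties(text):
    """Minimal .properties reader: skips blank lines and '#'/'!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def audit(text):
    """Return sorted finding codes for the settings that will take effect."""
    effective = {**DOCUMENTED_DEFAULTS, **parse_properties(text)}
    findings = set()
    if effective["org.teiid.ssl.protocol"].lower() in LEGACY_PROTOCOLS:
        findings.add("legacy-protocol")
    if effective["org.teiid.ssl.allowAnon"].lower() == "true":
        findings.add("anonymous-allowed")  # anon DH: server is not authenticated
    if effective.get("org.teiid.ssl.trustStore") == "NONE":
        findings.add("trust-store-none")  # the page's Anonymous mode setting
    for key, value in effective.items():
        if key.endswith("Password") and value:
            findings.add("password-in-file")  # secret stored in plain text
    return sorted(findings)


# Constructed sample inputs; the path is a placeholder.
SHIPPED_SAMPLE = ("org.teiid.ssl.keyStoreType=JKS\n"
                  "org.teiid.ssl.protocol=SSLv3\norg.teiid.ssl.allowAnon=true\n")
# Assumes org.teiid.ssl.protocol accepts a JSSE protocol name such as TLSv1.2.
ONE_WAY_HARDENED = ("org.teiid.ssl.trustStore=/opt/app/server.truststore\n"
                    "org.teiid.ssl.protocol=TLSv1.2\norg.teiid.ssl.allowAnon=false\n")

if __name__ == "__main__":
    for name, text in [("shipped", SHIPPED_SAMPLE), ("empty", ""), ("hardened", ONE_WAY_HARDENED)]:
        print(name, audit(text))
```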
    </div>
</div>
</div>
</div>
</div>
</body>
</html>