Securing grid proxy connections

The grid proxy protocol used by clients for programmatic access to the grid can be configured to run over SSL (TLSv1). The grid server authenticates with the key material in the server keystore. The connection allows client authentication but does not require it. If client authentication is desired (and the client application supports it), use a grid client keystore. The client keystore can be generated with the Grid CLI (see Managing certificates and identities with Grid CLI) or with the Grid Certificate Management UI.

To configure SSL for grid proxy clients

  1. Access the Grid Management Pages and select Configuration in the top menu followed by the Routers tab.
  2. Select the router you wish to configure.
  3. Click Edit.
  4. Check the Encryption option. SSL will now be in use for grid proxy connections to the port indicated by the Port setting.
  5. To enable specific cipher suites for the SSL connection, click Set Ciphers.... Use the Cipher Selection dialog box to specify the desired ciphers. Cipher suite names use the format specified in the Java Cryptography Architecture Standard Algorithm Name Documentation, for example TLS_RSA_WITH_AES_128_CBC_SHA. The dialog box allows inclusion and exclusion of each of the components of the cipher suites.

    See SSL ciphers for HTTPS and proxy connections for further information about cipher suites in the Grid.

  6. Click Apply.
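
The component structure of the cipher suite names used in step 5 can be seen by splitting a name into its parts. The following is an added example, not code from the Grid product: `parse_suite`, `select_suites` and the sample list are hypothetical, and the include/exclude semantics are an assumption about how a component-based selection could behave, not the documented logic of the Cipher Selection dialog box.

```python
# Added example: JCA names of the form <proto>_<key exchange>_WITH_<cipher>_<mac>.
SAMPLE_SUITES = [  # constructed sample list, not read from a grid router
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "SSL_RSA_WITH_RC4_128_MD5",
    "SSL_RSA_WITH_NULL_SHA",
]


def parse_suite(name):
    """Split a JCA cipher suite name into its components."""
    proto, _, rest = name.partition("_")
    key_exchange, sep, tail = rest.partition("_WITH_")
    cipher, _, mac = tail.rpartition("_")
    # Rejects names without _WITH_ and names damaged by stray whitespace.
    if proto not in ("TLS", "SSL") or not sep or not cipher:
        raise ValueError(f"not a <proto>_<kx>_WITH_<cipher>_<mac> name: {name!r}")
    return {"protocol": proto, "key_exchange": key_exchange,
            "cipher": cipher, "mac": mac}


def select_suites(names, include=(), exclude=()):
    """Assumed semantics: drop a suite if any component is excluded;
    when include is non-empty, keep only suites matching one of its entries."""
    include, exclude = set(include), set(exclude)
    chosen = []
    for name in names:
        tokens = set()
        for value in parse_suite(name).values():
            tokens.add(value)                # whole component, e.g. AES_128_CBC
            tokens.update(value.split("_"))  # its pieces, e.g. AES, 128, CBC
        if tokens & exclude:
            continue
        if include and not tokens & include:
            continue
        chosen.append(name)
    return chosen


if __name__ == "__main__":
    # Exclude suites with no encryption or with RC4, MD5 or 3DES components.
    for suite in select_suites(SAMPLE_SUITES, exclude={"NULL", "RC4", "MD5", "3DES"}):
        print(suite, parse_suite(suite))
```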