Securing Grid Proxy Connections

The grid proxy protocol, which clients use for programmatic access to the grid, can be configured to run over SSL (TLSv1). The grid server authenticates with the key material in server.ks. The connection allows client authentication but does not require it. If client authentication is desired (and the client application supports it), use a grid client keystore generated with the console method -create=clientcert (see Console tool guide), or use the Grid Certificate Management UI to generate the client keystore (see Managing SSL client certificates in the Configuration Manager).

To configure SSL for grid proxy clients

  1. Access the Configuration Manager and click the Communication link followed by the Routers link.
  2. Select the router you wish to configure.
  3. Click Edit.
  4. Check the Encryption option. SSL will now be in use for grid proxy connections to the port indicated by the Port setting.
  5. To enable specific cipher suites for the SSL connection, click Set Ciphers.... Use the Cipher Selection dialog box to specify the desired ciphers. Cipher suite names use the format specified in the Java Cryptography Architecture Standard Algorithm Name Documentation, for example TLS_RSA_WITH_AES_128_CBC_SHA. The dialog box allows inclusion and exclusion of each of the components of the cipher suites.

    See SSL ciphers for HTTPS and proxy connections for more information on the cipher suite selection.
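
The component-wise inclusion and exclusion described in step 5, sketched as an added example (not the product's code; how the Cipher Selection dialog matches components internally is an assumption). It splits standard cipher suite names into key exchange, cipher and digest, and filters on whole tokens; the suite list, WEAK set and function names are constructed for illustration.

```python
# Constructed sample: suite names in the JCA standard-name format.
SAMPLE_SUITES = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
    "SSL_RSA_WITH_RC4_128_MD5",
    "TLS_RSA_WITH_NULL_SHA",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    "TLS_AES_128_GCM_SHA256",
]
DIGESTS = {"MD5", "SHA", "SHA256", "SHA384", "SHA512"}
# Assumed exclusion policy: components that offer no or weak protection.
WEAK = {"NULL", "anon", "EXPORT", "RC4", "DES", "3DES", "MD5"}


def parse_suite(name):
    """Split a suite name into key exchange, cipher and digest components."""
    prefix, _, body = name.partition("_")
    if prefix not in ("TLS", "SSL") or not body:
        raise ValueError(f"not a cipher suite name: {name}")
    # TLS 1.3 names (TLS_AES_128_GCM_SHA256) have no key-exchange part.
    kx, sep, rest = body.partition("_WITH_")
    if not sep:
        kx, rest = None, body
    cipher, _, digest = rest.rpartition("_")
    if not cipher or digest not in DIGESTS:
        # Signalling values such as ..._SCSV are not real suites.
        raise ValueError(f"unrecognised suite layout: {name}")
    return {"key_exchange": kx, "cipher": cipher, "digest": digest}


def select_suites(suites, excluded_tokens):
    """Keep suites in which no component contains an excluded token.

    Tokens are compared whole, so excluding "SHA" (SHA-1) keeps SHA256,
    which a plain substring match on the suite name would not.
    """
    excluded = set(excluded_tokens)
    kept = []
    for name in suites:
        tokens = set()
        for value in parse_suite(name).values():
            if value:
                tokens.update(value.split("_"))
        if not tokens & excluded:
            kept.append(name)
    return kept


if __name__ == "__main__":
    print(select_suites(SAMPLE_SUITES, WEAK))
```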