HTTPS/SSL Certificates

When a grid client connects to the grid using HTTPS, the default behavior is server authentication only. The server (that is, the grid host) authenticates to the client using the SSL certificate in https.ks. In order for this authentication to work, the client must trust the signer of this certificate, that is either the grid root certificate or an external CA.

The SSL certificates in https.ks are used by the routers in the grid (the routers are the HTTPS endpoints). It is not necessary (or even possible) to have separate certificates per web service. The grid web services are not aware of the certificates in the routers.

It is recommended to have the client browser either trust the grid root certificate, or use SSL certificates signed by a CA already trusted by the client browsers. For more information, see Grid-signed vs. CA-signed Certificates.

Note: The administrative router has a separate https keystore with a grid-signed certificate. This keystore cannot be manually changed. For grid access that requires externally signed certificates, ensure not to use the admin router.