SSL Configuration for Coherence Extend Client Proxy Server Communications (Doc ID 2781004.1)

Last updated on JUNE 14, 2023

Applies to:

Goal

Customer reported that they are trying to secure the Coherence client and proxy connections using SSL. They have few queries as follows:

• Can SSL changes be done in server side first and then in client in staggered manner. i.e., Can non-ssl coherence client connect to ssl coherence server?
• Is there a property to turn SSL on and off in runtime?
• As per the Oracle document, it has steps only to create the server.jks. Can you please let us know how to create the client.jks?

o For development purpose, it is stated that both trust.jks and server.jks can be the same file. How about for production environment can we have self-signed certificate to have same trust.jks and server.jks to be same or should we have to create a separate trust.jks certificate.
o If the recommended solution is to use the certificate signed by CA and then how will it work for future upgrades. For example, if the CA signed certificate will have 2 years expiry and therefore we need to migrate both client and server to update the renewed certificate. Can this be upgraded one at a time meaning that server updated with renewed certificate and client with old certificate and once server is stable then move the client with renewed certificate?

• Instead of using a custom ssl, is it possible to have any predefined ssl socket provider? Does that still need server.jks and trust.jks ? Can you please let us know which approach is easy and feasible?
• We are trying to secure the Coherence client and proxy connections using SSL. We have few queries. Kindly help to clarify it.

Solution

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.