Method 1: Configure Spectrum to accept user-provided CA certificates

This is the recommended method, as it provides the highest level of security. For this configuration, all nodes of the same type (node or client) should have certificates with matching DNs, as shown below.

  1. Create a keystore and truststore, and copy them to the <spectruminstallationdirectory>/server/app/conf/certs folder.
  2. Set encryption settings in the server location:
    • spectrum.encryption.enabled=true
    • spectrum.encryption.selfSignedCert=false
    • spectrum.encryption.trustAllHosts=false
    • spectrum.encryption.node.keystoreType=pkcs12 or jks
    • spectrum.encryption.node.keystore=node-keystore.p12
    • spectrum.encryption.node.keystorePassword=<password>
    • spectrum.encryption.node.keystoreAlias=<keystore alias if one applies>
    • spectrum.encryption.node.truststoreType=pkcs12 or jks
    • spectrum.encryption.node.truststore=truststore.p12
    • spectrum.encryption.node.truststorePassword=<truststore password>
    • spectrum.encryption.client.keystoreType=pkcs12 or jks
    • spectrum.encryption.client.keystore=client-keystore.p12
    • spectrum.encryption.client.keystorePassword=<password>
    • spectrum.encryption.client.keystoreAlias=<keystore alias if one applies>
    • spectrum.encryption.client.truststoreType=pkcs12 or jks
    • spectrum.encryption.client.truststore=truststore.p12
    • spectrum.encryption.client.truststorePassword=<truststore password>
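
The following pre-deployment check for the settings in step 2 is an added example, not part of the product or its documentation. It assumes the settings are stored as plain `key=value` lines (the page does not name the file), and the function names `parse_properties` and `audit` are hypothetical.

```python
import re
# Hardened values taken from the settings list above.
REQUIRED = {
    "spectrum.encryption.enabled": "true",
    "spectrum.encryption.selfSignedCert": "false",
    "spectrum.encryption.trustAllHosts": "false",
}
STORE_TYPES = {"pkcs12", "jks"}

def parse_properties(text):
    """Parse simple key=value lines; skip blanks and '#'/'!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return findings; an empty list means the config matches Method 1."""
    props, findings = parse_properties(text), []
    for key, want in REQUIRED.items():
        got = props.get(key)
        if got is None or got.lower() != want:
            findings.append(f"{key} must be {want} (found {got!r})")
    for role in ("node", "client"):
        for store in ("keystore", "truststore"):
            base = f"spectrum.encryption.{role}.{store}"
            stype = props.get(base + "Type", "").lower()
            if stype not in STORE_TYPES:
                findings.append(f"{base}Type must be pkcs12 or jks")
            if not props.get(base):
                findings.append(f"{base} is not set")
            pw = props.get(base + "Password", "")
            if not pw or re.fullmatch(r"<.*>", pw):
                findings.append(f"{base}Password is empty or a placeholder")
    return findings

# Constructed sample: a config left in a weak, half-finished state.
WEAK_SAMPLE = """\
spectrum.encryption.enabled=true
spectrum.encryption.selfSignedCert=true
spectrum.encryption.trustAllHosts=true
spectrum.encryption.node.keystoreType=pkcs12
spectrum.encryption.node.keystore=node-keystore.p12
spectrum.encryption.node.keystorePassword=<password>
"""
```

Calling `audit(WEAK_SAMPLE)` flags the self-signed and trust-all-hosts settings, the placeholder password, and every missing truststore and client entry.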