This is the recommended method, as it provides the highest level of security. For
this configuration, all nodes of the same type (node or client) should have
certificates with matching DNs, as shown below.
-
Create a keystore and truststore, and copy those to the
<spectruminstallationdirectory>/server/app/conf/certs
folder.
-
Set encryption settings in the server location:
- spectrum.encryption.enabled=true
- spectrum.encryption.selfSignedCert=false
- spectrum.encryption.trustAllHosts=false
- spectrum.encryption.node.keystoreType=pkcs12 or
jks
- spectrum.encryption.node.keystore=node-keystore.p12
- spectrum.encryption.node.keystorePassword=<password>
- spectrum.encryption.node.keystoreAlias=<keystore
alias if one applies>
- spectrum.encryption.node.truststoreType=pkcs12 or
jks
- spectrum.encryption.node.truststore=truststore.p12
- spectrum.encryption.node.truststorePassword=<truststore
password>
- spectrum.encryption.client.keystoreType= pkcs12 or
jks
- spectrum.encryption.client.keystore=client-keystore.p12
- spectrum.encryption.client.keystorePassword=<password>
- spectrum.encryption.client.keystoreAlias=<keystore
alias if one applies>
- spectrum.encryption.client.truststoreType= pkcs12 or
jks
- spectrum.encryption.client.truststore=truststore.p12
- spectrum.encryption.client.truststorePassword=<truststore
password>