[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [xmlblaster-devel] SSL for master-slave

I ended up putting the certificates for each of the masters in the same
keyStore and set the keystore as the keystore and truststore for my
socket_ssl plugin in xmlBlasterPlugins.xml.  Then I configured the
properties file as follows.  One thing to note: If you leave the callback type as SOCKET, the master and slave won't be able to communicate.

# Configure cluster - how to find mst1 - the master of DOMAIN1 messages:
cluster.node[mst1]=\
   <clusternode id='mst1'>\
      <connect><qos>\
         <address type='socket_ssl'>\
            socket://192.168.100.122:7609\
         </address>\
         <queue relating='callback' type='CACHE' version='1.0' maxEntries='1000' maxBytes='4000' onOverflow='deadMessage'>\
            <callback type='socket_ssl' sessionId='4e56890ghdFzj0'>\
            </callback>\
         </queue>\
      </qos></connect>\
      <master type='DomainToMaster'>\
         <key queryType='DOMAIN' domain='DOMAIN1'/>\
      </master>\
   </clusternode>

# Configure cluster - how to find mst2 - the master of DOMAIN2 messages:
cluster.node[mst2]=\
   <clusternode id='mst2'>\
      <connect><qos>\
         <address type='socket_ssl'>\
            socket://192.168.100.118:7609\
         </address>\
         <queue relating='callback' type='CACHE' version='1.0' maxEntries='1000' maxBytes='4000' onOverflow='deadMessage'>\
            <callback type='socket_ssl' sessionId='4e56890ghdFzj0'>\
            </callback>\
         </queue>\
      </qos></connect>\
      <master type='DomainToMaster'>\
         <key queryType='DOMAIN' domain='DOMAIN2'/>\
      </master>\
   </clusternode>

-----Original Message-----
From: owner-xmlblaster-devel at server.xmlBlaster.org [mailto:owner-xmlblaster-devel at server.xmlBlaster.org] On Behalf Of Marcel Ruff
Sent: Monday, January 30, 2006 12:05 PM
To: xmlblaster-devel at server.xmlBlaster.org
Subject: Re: [xmlblaster-devel] SSL for master-slave

Hi Jonathan,

you have probably already looked into

http://www.xmlblaster.org/xmlBlaster/doc/requirements/protocol.socket.html#SSL1

I haven't used your setup yet.

But all SSL settings are native Java settings, so the JAVA-SUN documentation
should help you further (nothing xmlBlaster specific).

Each clients XmlBlasterAccess instance has a unique Global.java instance
and this can be configured by different '-plugin/socket/trustStore'
settings.
Note: Our code doing this is in
  xmlBlaster/src/java/org/xmlBlaster/util/protocol/socket/SocketUrl.java

Please report your solution to help others,

thanks
Marcel

Jonathan Clark wrote:
>
> I am able to successfully setup the SSL connection(including the 
> socket_ssl address) for the slave to communicate with the master node, 
> but I have been unable to
>
> find the syntax to setup the truststore for the SSL connection.  How 
> would I setup the truststore in the slave properties file so that I 
> can use different truststores
>
> to connect to different masters?
>
>  
>
> Jonathan Clark
>
> Open Roads Consulting, Inc.
>
> 757-546-3401
>
>  
>