Developing an App Under TLS

Apps that connect to a TLS-enabled PCC service instance must set properties to configure the communication with the Pivotal GemFire components within the PCC service instance.

Ensure that the cluster-level prerequisite step of Preparing for TLS has been completed.

In the app, setting the GemFire property ssl-require-authentication to false configures one-way authentication, in which the GemFire components authenticate to the app.

For a Spring Data GemFire app with a Spring Data GemFire library dependency of 2.2.0.BUILD-SNAPSHOT or a more recent version, attach the @EnableSsl annotation to your configuration class to enable TLS encryption for all GemFire components. Also set these GemFire properties:

ssl-use-default-context=true
ssl-endpoint-identification-enabled=false
spring.data.gemfire.security.ssl.require.authentication=false

For other apps, set these GemFire properties:

ssl-enabled-components=all
ssl-require-authentication=false
ssl-use-default-context=true
ssl-endpoint-identification-enabled=false

An app may set these properties with the ClientCacheFactory.set() method, prior to creating a ClientCache instance.
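The following is an added example, not code from the PCC documentation, showing the four properties above applied with ClientCacheFactory.set() before the ClientCache is created. The class name and the locator host and port taken from the command line are hypothetical, and the service-instance credentials the app also needs are not shown.

```java
import java.util.LinkedHashMap;
import java.util.Map;

import org.apache.geode.cache.client.ClientCache;
import org.apache.geode.cache.client.ClientCacheFactory;

// Added example; TlsClientExample and its command-line arguments are hypothetical.
public class TlsClientExample {

    // The GemFire properties this page lists for apps that do not use Spring Data GemFire.
    static Map<String, String> tlsProperties() {
        Map<String, String> props = new LinkedHashMap<>();
        // Apply TLS to every GemFire component the client talks to.
        props.put("ssl-enabled-components", "all");
        // One-way authentication: the GemFire component authenticates to the app.
        props.put("ssl-require-authentication", "false");
        // Take key and trust material from the JVM's default SSLContext.
        props.put("ssl-use-default-context", "true");
        // The client does not check the server host name against its certificate.
        props.put("ssl-endpoint-identification-enabled", "false");
        return props;
    }

    public static void main(String[] args) {
        if (args.length != 2) {
            System.err.println("usage: TlsClientExample <locator-host> <locator-port>");
            System.exit(2);
        }
        String locatorHost = args[0];                 // assumption: supplied by the operator
        int locatorPort = Integer.parseInt(args[1]);  // assumption: supplied by the operator

        // Every property must be set on the factory before create() is called;
        // the resulting ClientCache uses the settings it was created with.
        ClientCacheFactory factory = new ClientCacheFactory();
        tlsProperties().forEach(factory::set);
        factory.addPoolLocator(locatorHost, locatorPort);

        ClientCache cache = factory.create();
        try {
            System.out.println("Client cache created: " + cache.getName());
        } finally {
            cache.close();
        }
    }
}
```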

The build and cf push of the app do not require any changes to work with a TLS-enabled PCC service instance.