6.3. Transport Security Authentication Modes
The following authentication modes are available:
anonymous
- No certificates are exchanged. Settings are not needed for the keystore and truststore properties. The client must have org.teiid.ssl.allowAnon set to true (the default) to connect to an anonymous server. Communications are encrypted using the TLS_DH_anon_WITH_AES_128_CBC_SHA SSL cipher suite. This is suitable for most secure intranets.

1-way
- Authenticates the server to the client. The server presents a certificate which is signed by the private key stored in the server's keystore. The server's corresponding public key must be in the client's truststore.

2-way
- Mutual client and server authentication. The server presents a certificate which is signed by the private key stored in the server's keystore. The server's corresponding public key must be in the client's truststore. Additionally, the client presents a certificate signed by its private key stored in the client's keystore. The client's corresponding public key must be in the server's truststore.
Note
You can use keytool to generate encryption keys; however, you should first consider your local requirements for managing public key cryptography.
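The following added example (not Teiid's own code) checks a client's SSL properties against the three authentication modes described above: it reports which keystore or truststore settings are missing for the chosen mode and flags a client that still leaves org.teiid.ssl.allowAnon at its default when talking to a 1-way or 2-way server. The client property names org.teiid.ssl.keyStore and org.teiid.ssl.trustStore are assumed from the Teiid client SSL settings; the server-side dict and its keystore/truststore keys are constructed for the example.

```python
"""Check Teiid client SSL properties against a transport authentication mode.

Added example; not part of Teiid. Property names other than
org.teiid.ssl.allowAnon are assumed, and the server-side dict is constructed.
"""
from typing import Dict, List

# What each mode requires on each side, following the mode descriptions above.
REQUIREMENTS = {
    "anonymous": {"server": set(), "client": set()},
    "1-way": {"server": {"keystore"}, "client": {"truststore"}},
    "2-way": {"server": {"keystore", "truststore"},
              "client": {"keystore", "truststore"}},
}
# Assumed client property names for the two stores.
CLIENT_PROPS = {"keystore": "org.teiid.ssl.keyStore",
                "truststore": "org.teiid.ssl.trustStore"}


def client_allows_anon(client: Dict[str, str]) -> bool:
    """True when the client would connect to an anonymous server (the default)."""
    return client.get("org.teiid.ssl.allowAnon", "true").strip().lower() == "true"


def check_ssl_setup(mode: str, server: Dict[str, str],
                    client: Dict[str, str]) -> List[str]:
    """Return a list of findings; an empty list means the setup is consistent."""
    if mode not in REQUIREMENTS:
        return [f"unknown authentication mode {mode!r}"]
    findings = []
    for store in sorted(REQUIREMENTS[mode]["server"]):
        if not server.get(store):
            findings.append(f"server {store} is missing for {mode} mode")
    for store in sorted(REQUIREMENTS[mode]["client"]):
        prop = CLIENT_PROPS[store]
        if not client.get(prop):
            findings.append(f"client property {prop} is missing for {mode} mode")
    anon = client_allows_anon(client)
    if mode == "anonymous" and not anon:
        findings.append("client sets org.teiid.ssl.allowAnon=false and "
                        "will refuse the anonymous server")
    if mode != "anonymous" and anon:
        # Hardening point: with the default, the client would still connect
        # to an anonymous (unauthenticated) server, so pin it to false.
        findings.append("client leaves org.teiid.ssl.allowAnon at its default "
                        "(true); set it to false for " + mode + " mode")
    return findings
```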
See Also: