Library Version 18.1.32

Enabling SSL for the Server
Prev  Chapter 2. Berkeley DB Server  Next

Enabling SSL for the Server

To enable SSL for a server, you need to setup the appropriate Java key store and/or trust store files and then configure the server to use these key stores.

If you want to authenticate the server so that clients know that they are connecting to the correct server, a key store with the server's private key must be setup on the server. For example, the following command creates a key store keystore.jks containing a generated private/public key pair. 

keytool -genkeypair -alias certificatekey -keyalg RSA \
-validity 7 -keystore keystore.jks

If you want to authenticate clients, a trust store with trusted clients' public keys must be setup on the server. For more information, see Connecting to a Server with SSL.

Once the key store and/or trust store are setup, you should list them in the server configuration file. For example: 

ssl.host=localhost

# Configure the key store for SSL.

ssl.keyStore=keystore.jks
ssl.keyStore.password=<password>

# Configure the trust store for SSL.

#ssl.trustStore=truststore.jks
#ssl.trustStore.password=<password>

For more information on the server configuration file, see Server Configuration File.

Prev  Up  Next
Stopping the server  Home  Configuring the Server