Is it possible to configure SSL with PEM certificate types?
Hi all, I'm new to this group and currently working getting an implementation of Gremlin (Aerospike Graph) to listen over SSL.
The certificates we get from our provider's API are only served in PEM format. It appears, according to the documentation that the
keyStoreType and trustStoreType either JKS or PKCS12 format: https://tinkerpop.apache.org/javadocs/current/full/org/apache/tinkerpop/gremlin/server/Settings.SslSettings.html
Is this true? Is there any way for us to configure SSL with PEM format certificates?
The error message when I attempt to set keyStoreType or trustStoreType to PEM makes it appear as though it's defaulting to PKCS12.Solution:Jump to solution
Hi @joshb, am I correct in assuming you are using the Java driver to connect to Aerospike? The java driver uses the JSSE keyStore and trustStore, which as far as I understand does not support the PEM format. You may be able to use a 3rd party tool such as openssl to convert from PEM to PKCS12 (https://docs.openssl.org/1.1.1/man1/pkcs12/).
Perhaps @aerospike folks may have more direct recommendations for driver configuration....
2 Replies
Solution
Hi @joshb, am I correct in assuming you are using the Java driver to connect to Aerospike? The java driver uses the JSSE keyStore and trustStore, which as far as I understand does not support the PEM format. You may be able to use a 3rd party tool such as openssl to convert from PEM to PKCS12 (https://docs.openssl.org/1.1.1/man1/pkcs12/).
Perhaps @aerospike folks may have more direct recommendations for driver configuration.
Hey @ColeGreer - I think the main problem is configuring gremlin-server in a way where it takes in a PEM file, sounds like that doesn't work and the solution is to use something like openssl to convert the PEM to PKS12. Would possibly be a nice feature to wrap that support in gremlin-server in the future but if it's not there that's fine
Driver to connect would be any GLV