This article describes how to connect VMware GemFire .NET Client 10.1.x with SSL to a VMware GemFire SSL enabled cluster. It's the same for any VMware GemFire .NET Native Client version 10.x, however, the steps in this KB article have been performed & tested with NC v10.1.5 on Windows 10 with Visual Studio 2017.

Prerequisites:
 

• Ensure you have Visual Studio 2017 or 2019 installed on your developer machine if you are trying this on a developer desktop.
• Keystore & Truststore files in a .pem or .cert format saved on a folder where there are appropriate read permissions for the system user runs the .NET app.
• The JKS format is not supported by .NET NC since JKS is a binary format native to Java. You will need to export your JKS certificates to PEM. If you want to export your JKS format to a PEM format, you can use various tools (for example Keystore Explorer).
• OpenSSL 64 bit installed on Windows and added to the PATH system environment variable on Windows. 

Step 1

Get the Keystore & Truststore files (certificates) with their security credentials from your VMware GemFire administrator / operator. You can keep these files under any folder on your Windows file system, make sure that the folder and the files inside it have the read permission for your application's context / system users, etc. For example, the ASP.NET application hosted under IIS needs read-only permission to these files for IIS user, ASPNET user, etc.



Step 2

Specify the SSL properties in your code or from the external properties file. The below example shows SSL properties added to a code:


You can also provide these properties from the .properties file like below and then load the properties file in your .NET code:

ssl-enabled=true
ssl-keystore=C:\\ssl-store\\mygemfirekeystore.pem
ssl-keystore-password=Gemfire
ssl-truststore=C:\\ssl-store\\mygemfirekeystore.pem

Step 3

Make sure to keep the required native client DLLs from VMware GemFire on a local computer and not from any network share. The version of the native client until 10.1.x uses one of the unmanaged DLL (cryptoImpl.dll) that cannot be loaded from a network share. It should be on a local computer, and that is by design the way .NET & Windows works for its libraries. However, native client version 10.2.x has eliminated the requirement of cryptoImpl.dll and does not get packaged with 10.2.x.

As shown in the below sample app, notice all the selected files sitting next to each other when built from Visual Studio. The cryptoImpl.dll should be in the same folder where Pivotal.GemFire.dll is located.



Step 4

Finally test your app and verify if the data is saved to the region via GFSH command-line utility or you can also print that from your code on a console.

To learn how to configure & start a VMware GemFire cluster for SSL on Windows, please follow the KB article below: 

https://community.pivotal.io/s/article/How-to-start-SSL-enabled-VMware-GemFire-cluster-on-Windows

Product Version: 10.1
OS: Windows