The instructions below were tested and verified on Windows 10 with VMware GemFire 9.10.6; they should also work on other combinations, such as Windows Server 2016 and most GemFire releases from 9.x onward.
The steps create a self-signed keystore and truststore and then configure the cluster to use them when it is bootstrapped.
Step 1
Create a keystore and a truststore with keytool, the certificate management utility that ships with the JDK. VMware GemFire expects the JKS format by default, but keytool can produce other formats (for example PKCS12); if you use one of those, declare it with ssl-keystore-type and ssl-truststore-type in the security properties file that the locators and servers read at startup.
Create a keystore:
c:\ssl-store>keytool -genkeypair -alias mygemfirekey -keyalg RSA -keysize 2048 -validity 365 -storetype JKS -keystore mygemfirekeystore.jks
keytool prompts for a keystore password and for the certificate details (name, organisation, city, and so on). Two of these prompts matter more than they look: the "first and last name" becomes the certificate's CN, so enter the host name the locator or server runs on (GemFire does not check it unless ssl-endpoint-identification-enabled=true, but a wrong CN means re-issuing the certificate if you ever turn that on); and when asked for a key password, press Enter to reuse the keystore password, because GemFire opens the key with ssl-keystore-password. -storetype JKS is given explicitly because keytool in JDK 9 and later creates PKCS12 keystores by default, while this tutorial configures ssl-keystore-type=jks.
Export the self-signed certificate:
c:\ssl-store>keytool -exportcert -alias mygemfirekey -keystore mygemfirekeystore.jks -file mygemfirekey.cer
keytool asks for the keystore password and, once it is accepted, writes the certificate to mygemfirekey.cer in the working directory. This file holds only the public key and identity, never the private key, so it is safe to copy to clients. (-export is the older name of the same command.)
Import the self-signed certificate into a truststore:
c:\ssl-store>keytool -importcert -alias mygemfiretruststore -file mygemfirekey.cer -storetype JKS -keystore mygemfiretruststore.jks
keytool asks you to set a password for the new truststore and then asks "Trust this certificate?"; answer yes. As a best practice, use a different password from the keystore's.
Both files are now in the working folder. Before going further, run keytool with -list -v against each file and confirm that the SHA-256 fingerprint of the mygemfiretruststore entry equals that of the mygemfirekey entry; a mismatch here shows up later only as an unhelpful handshake failure. Keep in mind what this setup means: GemFire authenticates both sides of every connection by default (ssl-require-authentication=true), and the truststore trusts exactly one certificate, so every locator, server and client will present the same key pair, and anyone who obtains mygemfirekeystore.jks together with its password can join the cluster as a trusted member. Protect the keystore and the properties file with file system permissions limited to the account that runs GemFire.
Step 2
Create a VMware GemFire security properties file (for example gfsecurity.properties) with the details below, one property per line:
ssl-enabled-components=all
ssl-keystore=c:\\ssl-store\\mygemfirekeystore.jks
ssl-keystore-password=whatever_password_you_set_when_creating_keystore
ssl-keystore-type=jks
ssl-truststore=c:\\ssl-store\\mygemfiretruststore.jks
ssl-truststore-password=whatever_password_you_set_when_creating_truststore
Note: this is a Java properties file, in which a single backslash is an escape character that is silently dropped, so a Windows path must be written either with doubled backslashes (c:\\ssl-store\\...) or with single forward slashes (c:/ssl-store/...), whether it is absolute or relative. Also note that both passwords sit in this file in clear text: keep it outside any shared or web-served directory and restrict read access to the account that runs the locators and servers.
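As an added example (not from this page and not VMware GemFire or Apache Geode code), the following Python script reads a security properties file with the same escape rules java.util.Properties applies, so a path typed with single backslashes is shown exactly as GemFire would see it, and flags the problems described above before you start the locator: SSL not enabled, a store path that lost its backslashes or does not exist, a missing password, or the same password on both stores. The function names and the two sample configurations are this example's own constructions.

```python
"""Pre-flight check for a GemFire security properties file.

Added example for this page; it is not VMware GemFire or Apache Geode code.
It reads the file the way java.util.Properties does (backslash escapes,
\\uXXXX, comment and continuation lines), so a Windows path written with
single backslashes shows up exactly as GemFire would see it, then applies
the checks implied by Step 2.  All names here are this example's own.
"""
import os
import sys
from typing import Callable, Dict, List

_SIMPLE_ESCAPES = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}


def _unescape(s: str) -> str:
    """Apply java.util.Properties escape rules to one key or value."""
    out: List[str] = []
    i = 0
    while i < len(s):
        if s[i] != "\\" or i + 1 == len(s):
            out.append(s[i])
            i += 1
            continue
        nxt = s[i + 1]
        if nxt == "u" and i + 6 <= len(s):
            out.append(chr(int(s[i + 2:i + 6], 16)))
            i += 6
        else:
            # \\ keeps one backslash; \t \n \r \f become control characters;
            # any other escaped character is kept WITHOUT its backslash,
            # which is what turns c:\ssl-store into c:ssl-store.
            out.append(_SIMPLE_ESCAPES.get(nxt, nxt))
            i += 2
    return "".join(out)


def _logical_lines(text: str) -> List[str]:
    """Join physical lines that end in an odd number of backslashes."""
    lines: List[str] = []
    buf = ""
    for raw in text.splitlines():
        line = raw.lstrip() if buf else raw
        trailing = len(line) - len(line.rstrip("\\"))
        if trailing % 2 == 1:
            buf += line[:-1]
            continue
        lines.append(buf + line)
        buf = ""
    if buf:
        lines.append(buf)
    return lines


def parse_properties(text: str, unescape: bool = True) -> Dict[str, str]:
    """Parse .properties text; unescape=False keeps values as typed."""
    props: Dict[str, str] = {}
    for line in _logical_lines(text):
        line = line.lstrip()
        if not line or line[0] in "#!":
            continue
        i = 0  # the key ends at the first unescaped '=', ':' or whitespace
        while i < len(line) and line[i] not in "=: \t":
            i += 2 if line[i] == "\\" else 1
        key, rest = line[:i], line[i:].lstrip()
        if rest and rest[0] in "=:":
            rest = rest[1:].lstrip()
        props[_unescape(key)] = _unescape(rest) if unescape else rest
    return props


def check_ssl_config(text: str,
                     path_exists: Callable[[str], bool] = os.path.exists) -> List[str]:
    """Return a list of problems; an empty list means the file looks usable."""
    raw, props = parse_properties(text, unescape=False), parse_properties(text)
    problems: List[str] = []
    if not props.get("ssl-enabled-components"):
        problems.append("ssl-enabled-components is unset, so GemFire would start without TLS")
    for key in ("ssl-keystore", "ssl-truststore"):
        if key not in props:
            problems.append(f"{key} is missing")
        elif "\\" in raw[key].replace("\\\\", ""):
            # Any backslash left after removing escaped pairs was a lone one.
            problems.append(f"{key}: lone backslashes in '{raw[key]}' are dropped; "
                            f"GemFire would try to open '{props[key]}'")
        elif not path_exists(props[key]):
            problems.append(f"{key}: file not found: {props[key]}")
        if not props.get(key + "-password"):
            problems.append(f"{key}-password is missing")
    if props.get("ssl-keystore-password") and \
            props.get("ssl-keystore-password") == props.get("ssl-truststore-password"):
        problems.append("keystore and truststore use the same password; use different ones")
    return problems


# Constructed samples: the mistake the note above warns about, and the fix.
BAD_CONFIG = r"""
ssl-enabled-components=all
ssl-keystore=c:\ssl-store\mygemfirekeystore.jks
ssl-keystore-password=same-secret
ssl-truststore=c:\ssl-store\mygemfiretruststore.jks
ssl-truststore-password=same-secret
"""
GOOD_CONFIG = r"""
ssl-enabled-components=all
ssl-keystore=c:\\ssl-store\\mygemfirekeystore.jks
ssl-keystore-password=keystore-secret
ssl-keystore-type=jks
ssl-truststore=c:\\ssl-store\\mygemfiretruststore.jks
ssl-truststore-password=truststore-secret
"""


def main(argv: List[str]) -> int:
    if len(argv) > 1:
        # java.util.Properties reads files as ISO-8859-1, so match that.
        with open(argv[1], encoding="latin-1") as fh:
            text = fh.read()
    else:
        text = BAD_CONFIG
    problems = check_ssl_config(text)
    for p in problems:
        print("PROBLEM:", p)
    print("ok" if not problems else f"{len(problems)} problem(s) found")
    return 1 if problems else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with the path to your gfsecurity.properties as the only argument; without an argument it checks the built-in single-backslash sample and reports the three problems in it. The parser deliberately reproduces the Java behaviour rather than guessing what you meant, so the reported "would try to open" path is the one the locator's log will show when the keystore cannot be found.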
Step 3
Provide the security properties file on locator & server startup commands:
start locator --name=locator1 --security-properties-file="c:\my-gemfire-cluster\gfsecurity.properties"
Repeat the same for each cache server; the start server command takes the same --security-properties-file option. If any SSL setting is missing from both the properties file and the command line, gfsh prompts for it during startup (the trust-store-type, ssl-ciphers and ssl-protocols prompts in the output below); pressing Enter at each prompt accepts the default shown. After the locator starts successfully you should see output like this on your console:
gfsh>start locator --name=locator1 --security-properties-file="C:\\IMDG\\pivotal-gemfire-9.10.4\\bin\\security.properties"
Starting a Geode Locator in C:\IMDG\pivotal-gemfire-9.10.6\bin\locator1...
.................................
trust-store-type(default: JKS):
ssl-ciphers(default: any):
ssl-protocols(default: any):
Locator in C:\IMDG\pivotal-gemfire-9.10.6\bin\locator1 on WINADServerGSS[10334] as locator1 is currently online.
Process ID: 4672
Uptime: 33 seconds
Geode Version: 9.10.6
Java Version: 14.0.1
Log File: C:\IMDG\pivotal-gemfire-9.10.6\bin\locator1\locator1.log
JVM Arguments: -DgemfireSecurityPropertyFile=C:\IMDG\pivotal-gemfire-9.10.4\bin\security.properties -Dgemfire.enable-cluster-configuration=true -Dgemfire.load-cluster-configuration-from-dir=false -Dgemfire.launcher.registerSignalHandlers=true -Djava.awt.headless=true -Dsun.rmi.dgc.server.gcInterval=9223372036854775806
Class-Path: C:\IMDG\pivotal-gemfire-9.10.6\lib\geode-core-9.10.6.jar;C:\IMDG\pivotal-gemfire-9.10.6\lib\geode-dependencies.jar

Successfully connected to: JMX Manager [host=WINADServerGSS, port=1099]

Cluster configuration service is up and running.
Refer to the VMware GemFire documentation for details on the individual SSL properties and their defaults.
To connect a .NET native client to an SSL-enabled VMware GemFire cluster, see the separate KB article on that topic.