Added Gemfire SSL setup steps.

viragtripathi · viragtripathi · commit 6ad33da62696 · 2023-08-05T02:57:35.000-04:00
diff --git a/README.md b/README.md
@@ -65,7 +65,7 @@ changed-data events from heterogeneous data platforms to [Redis Stack](https://r
     </tr>
     <tr><td bgcolor="#FFFFFF" colspan="2">&nbsp;</td></tr>
     <tr>
-        <td> <b>REST API | CLI | Swagger UI</b> <br> Redis Connect is entirely data-driven and relies on Redis Enterprise as its metadata store. You can configure, start, stop, migrate, and restart jobs using the built-in REST API and interactive CLI. Redis Connect also exposes a Swagger UI to simplify endpoint discovery and operational experience.</td>
+        <td> <b>REST API | CLI | <a href="https://redis-field-engineering.github.io/redis-connect-api-docs" target="_blank">Swagger UI</a></b> <br> Redis Connect is entirely data-driven and relies on Redis Enterprise as its metadata store. You can configure, start, stop, migrate, and restart jobs using the built-in REST API and interactive CLI. Redis Connect also exposes a Swagger UI to simplify endpoint discovery and operational experience.</td>
         <td width="50%"><a href="https://redis-field-engineering.github.io/redis-connect-api-docs"><img src="/images/capabilities/Redis Connect Swagger UI.png" style="float: right;" width="500" height="200" alt="Redis Connect Swagger UI"></a></td>
     </tr>
     <tr><td bgcolor="#FFFFFF" colspan="2">&nbsp;</td></tr>
@@ -152,7 +152,7 @@ redis-connect\bin> redisconnect.bat start
 
 ### Swagger UI
 
-The [Redis Connect Swagger UI](https://redis-field-engineering.github.io/redis-connect-api-docs) is available on port 8282 by default. If you're running locally, you can point your browser to [http://localhost:8282/swagger-ui/index.html]()
+Redis Connect Swagger UI is available on port 8282 by default. If you're running locally, you can point your browser to [http://localhost:8282/swagger-ui/index.html]()
 
 <br>_For quick start, use '**cdc_job**' as **jobName**_
 <br><br><img src="/images/quick-start/Redis Connect Swagger Front Page.jpg" style="float: right;" width = 700px height = 425px/>
diff --git a/examples/gemfire/README.md b/examples/gemfire/README.md
@@ -2,6 +2,106 @@
 
 Please see an example under [Demo](demo/setup_gemfire.sh).
 
+**or**
+
+Use your existing VMware Gemfire installation
+
+### Configuring SSL
+
+* Create server keystore e.g. GemfireServer.jks.<p>
+````shell
+keytool -genkey -alias GemfireServer -keyalg RSA -validity 3650 -keystore "GemfireServer.jks" -storetype JKS -dname "CN=trusted" -keypass password -storepass password
+````
+
+* Export server's public certificate. This will be kept in client's truststore for client to authC server.
+````shell
+keytool -exportcert -alias GemfireServer -keystore GemfireServer.jks -file GemfireServer.cer
+````
+
+* Create client keystore e.g. GemfireClient.jks
+````shell
+keytool -genkey -alias GemfireClient -keyalg RSA -validity 3650 -keystore GemfireClient.jks -storetype JKS -dname "CN=trusted" -keypass password -storepass password
+````
+
+* Export client's public certificate. This will be kept in server's truststore for server to authC client.
+````shell
+keytool -exportcert -alias GemfireClient -keystore GemfireClient.jks -file GemfireClientPublic.cer
+````
+
+* Add Server certificate to client trust store
+````shell
+keytool -importcert -alias GemfireServer -keystore GemfireClient.jks -file GemfireServer.cer
+````
+
+* Add client certificate to server truststore
+````shell
+keytool -importcert -alias GemfireClient -keystore GemfireServer.jks -file GemfireClientPublic.cer
+````
+
+#### Create secured (SSL enabled) gemfire cluster
+
+gemfire.properties
+````shell
+ssl-enabled-components=all
+mcast-port=0
+locators=localhost[10334]
+````
+
+gfsecurity.properties
+````shell
+ssl-enabled-components=all
+ssl-keystore-type=jks
+ssl-keystore=/home/virag/gemfire/vmware-gemfire-9.15.1/config/certs/GemfireServer.jks
+ssl-keystore-password=password
+ssl-truststore=/home/virag/gemfire/vmware-gemfire-9.15.1/config/certs/GemfireServer.jks
+ssl-truststore-password=password
+````
+
+#### Steps to start secure cluster
+
+* Start locator
+````shell
+start locator --name=mylocator --properties-file=/path/to/your/gemfire.properties --security-properties-file=/path/to/your/gfsecurity.properties
+````
+
+* Start cache-server
+````shell
+start server --name=myserver --properties-file=/path/to/your/gemfire.properties --security-properties-file=/path/to/your/gfsecurity.properties
+````
+
+#### Connecting to ssl secured cluster from gfsh
+````shell
+connect --locator=localhost[10334] --use-ssl --security-properties-file=/path/to/your/gfsecurity.properties
+````
+
+**or**
+
+````shell
+~/vmware-gemfire-9.15.1/bin$ ./gfsh
+    _________________________     __
+   / _____/ ______/ ______/ /____/ /
+  / /  __/ /___  /_____  / _____  /
+ / /__/ / ____/  _____/ / /    / /
+/______/_/      /______/_/    /_/    9.15.1
+
+Monitor and Manage VMware Tanzu GemFire
+gfsh>connect --locator=10.142.0.20[10334] --use-ssl
+key-store: /home/virag/gemfire/vmware-gemfire-9.15.1/config/certs/GemfireClient.jks
+key-store-password: ********
+key-store-type(default: JKS):
+trust-store: /home/virag/gemfire/vmware-gemfire-9.15.1/config/certs/GemfireClient.jks
+trust-store-password: ********
+trust-store-type(default: JKS):
+ssl-ciphers(default: any):
+ssl-protocols(default: any):
+ssl-enabled-components(default: all):
+Connecting to Locator at [host=10.142.0.20, port=10334] ..
+Connecting to Manager at [host=fe-dev.c.central-beach-194106.internal, port=1099] ..
+Successfully connected to: [host=fe-dev.c.central-beach-194106.internal, port=1099]
+
+You are connected to a cluster of version: 9.15.1
+````
+
 ## Setting up Redis Enterprise Databases (Target)
 
 Before using Redis Connect to capture the changes committed on Gemfire into Redis Enterprise Databases, first create a database for the metadata management and metrics provided by Redis Connect by creating a database with [RedisTimeSeries](https://redis.com/modules/redis-timeseries/) module enabled, see [Create Redis Enterprise Database](https://docs.redis.com/latest/rs/administering/creating-databases/#creating-a-new-redis-database) for reference. Then, create (or use an existing) another Redis Enterprise database (Target) to store the changes coming from PostgreSQL. Additionally, you can enable [RediSearch 2.0](https://redis.com/blog/introducing-redisearch-2-0/) module on the target database to enable secondary index with full-text search capabilities on the existing hashes where PostgreSQL changed events are being written at then [create an index, and start querying](https://oss.redis.com/redisearch/Commands/) the document in hashes.
