Enable SSL on the Client SDK

To enable SSL on the client SDK, use HTTPS as the transport between the client SDK and the server SDK:

  1. On the client machine, in the product that embeds the client SDK, locate the transport setting and make sure it is set to HTTPS, not HTTP.
  2. Download the CA certificate/self-signed public certificate to the client machine, and import it into the cacerts truststore on the JRE that is going to connect to the server.

    Use the following command:

    keytool -import -alias <CA name> -trustcacerts -file <server public certificate path> -keystore <path to client jre trusted cacerts store (e.g. x:\program files\java\jre\lib\security\cacerts)>

To enable certificate validation on the client, start the JVM with the following system property set to true:

"-DenableServerCertValidation=true"

Note: Enabling certificate validation also makes it possible to change which SSL protocol is used (TLS v1.2 is used by default).

TLSv1.0 and TLSv1.1 are not supported.

To enable hostname validation, first enable certificate validation, then:

  1. Replace the server's self-signed certificate with one that contains the server's FQDN in the common name (CN) field.
  2. Add the certificate without the private key to all clients' JRE trust stores (for all hosts and JVM versions used).
  3. Start the clients with the following global property setting:

    "-DenableServerCertHostValidation=true"
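
An offline preflight for the import and hostname steps above, added here as an example; it is not part of the SDK or of the original page. It assumes the self-signed server certificate case, and the class name `TrustPreflight` and its four arguments are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added example, not SDK code. Compile and run with the same JRE the client uses:
//   javac TrustPreflight.java && java TrustPreflight <cacerts path> <store password> <server cert file> <server FQDN>
public class TrustPreflight {
    // Names the certificate asserts: subject CN values, or dNSName SAN entries (type 2).
    static List<String> names(X509Certificate cert, boolean fromSan) throws Exception {
        List<String> out = new ArrayList<>();
        if (!fromSan) {
            for (Rdn rdn : new LdapName(cert.getSubjectX500Principal().getName()).getRdns())
                if ("CN".equalsIgnoreCase(rdn.getType())) out.add(rdn.getValue().toString());
        } else if (cert.getSubjectAlternativeNames() != null) {
            for (List<?> san : cert.getSubjectAlternativeNames())
                if (Integer.valueOf(2).equals(san.get(0))) out.add(san.get(1).toString());
        }
        return out;
    }

    static boolean matches(List<String> names, String fqdn) {
        return names.stream().anyMatch(fqdn::equalsIgnoreCase);  // exact match only, no wildcards
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 4) throw new IllegalArgumentException("expected 4 arguments");
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[2])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            store.load(in, args[1].toCharArray());
        }
        cert.checkValidity();  // throws if the certificate is expired or not yet valid
        String alias = store.getCertificateAlias(cert);  // null unless this exact certificate is in the store
        List<String> cn = names(cert, false), san = names(cert, true);
        System.out.println("in truststore: " + (alias != null ? "yes, alias " + alias : "NO"));
        System.out.println("CN " + cn + " matches FQDN: " + matches(cn, args[3]));
        System.out.println("SAN " + san + " matches FQDN: " + (san.isEmpty() ? "no dNSName entries" : matches(san, args[3])));
        System.exit(alias != null && (matches(cn, args[3]) || matches(san, args[3])) ? 0 : 1);
    }
}
```

Standard JSSE HTTPS endpoint identification checks dNSName SAN entries first and falls back to the CN only when the certificate has none; whether the SDK's hostname validation behaves the same way is not stated here, so treat a CN match with a non-matching SAN list as a warning.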

 

To change the SSL protocol, first enable certificate validation, and then add the property:

"-DsslProtocol=TLSv1.2"

To debug SSL connectivity issues, add the following parameter to system properties:

"-Djavax.net.debug=ssl"