Method 1: Configure Spectrum to accept user-provided CA certificates

This configuration method accepts user-provided certificates that are certificate authority (CA) registered.

This is the recommended method, as it provides the highest level of security. For this configuration, all nodes of the same type (node or client) should have certificates with matching DNs, as shown below.

  1. Set up the keystores and truststore, and copy them to the SpectrumDirectory/server/conf/certs folder.
  2. Set encryption settings in the server installation location:
    • spectrum.encryption.enabled=true
    • spectrum.encryption.algorithm=JASYPT
    • spectrum.encryption.selfSignedCert=false
    • spectrum.encryption.trustAllHosts=false
    • spectrum.encryption.keystoreType=pkcs12 or jks
    • spectrum.encryption.keystore=node-keystore.p12
    • spectrum.encryption.keystorePassword=password
    • spectrum.encryption.keystoreAlias=keystore alias if one applies
    • spectrum.encryption.truststoreType=pkcs12 or jks
    • spectrum.encryption.truststore=truststore.p12
    • spectrum.encryption.truststorePassword=truststore password
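
A quick way to check a settings text against the values in step 2, given here as an added example that is not part of the original documentation. The `parse_properties` and `lint` helpers, the short key suffixes, and the mapping from store type to file extension are assumptions of this example, and the sample input is constructed.

```python
# Accepted values per setting, taken from the list in step 2 (compared case-insensitively).
EXPECTED = {
    "enabled": {"true"}, "algorithm": {"jasypt"},
    "selfSignedCert": {"false"}, "trustAllHosts": {"false"},
    "keystoreType": {"pkcs12", "jks"}, "truststoreType": {"pkcs12", "jks"},
}
NON_EMPTY = ["keystore", "keystorePassword", "truststore", "truststorePassword"]
PREFIX = "spectrum.encryption."
# Assumption: conventional file extensions per store type, used only for a mismatch warning.
EXTENSIONS = {"pkcs12": (".p12", ".pfx"), "jks": (".jks",)}

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and #/! comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def lint(text):
    """Return a list of findings; an empty list means the settings match Method 1."""
    props = parse_properties(text)
    findings = []
    for name, allowed in EXPECTED.items():
        value = props.get(PREFIX + name)
        if value is None:
            findings.append(f"{name}: missing")
        elif value.lower() not in allowed:
            findings.append(f"{name}: '{value}' should be one of {sorted(allowed)}")
    for name in NON_EMPTY:
        if not props.get(PREFIX + name):
            findings.append(f"{name}: missing or empty")
    for store in ("keystore", "truststore"):
        stype = props.get(PREFIX + store + "Type", "").lower()
        path = props.get(PREFIX + store, "").lower()
        if stype in EXTENSIONS and path and not path.endswith(EXTENSIONS[stype]):
            findings.append(f"{store}: file extension does not match type {stype}")
    return findings

# Constructed sample: certificate validation is effectively switched off and no truststore is set.
WEAK = """spectrum.encryption.enabled=true
spectrum.encryption.selfSignedCert=true
spectrum.encryption.trustAllHosts=true
spectrum.encryption.keystoreType=jks
spectrum.encryption.keystore=node-keystore.p12
"""
if __name__ == "__main__": print("\n".join(lint(WEAK)))
```

An empty result from `lint` means every setting listed for this method is present with an accepted value; it does not verify the certificates themselves or that node DNs match.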