Communication between eMake and the Cluster Manager is encrypted based on Transport Layer Security (TLS) by default. eMake uses HTTPS to connect and verify the host name in the server but accepts self-signed certificates. The host (either the IP address or machine name) specified for the
--emake-cm option must be contained in the subjectAlternativeNames section of the Java keystore for the Cluster Manager. The
--emake-cm-security option can be used to change the security level. Valid levels are:
none: use http to connect to the Cluster Manager, with no transport layer security.
relaxed: use https to connect and verify the hostname in the server certificate, but accept self-signed certificates.
relaxedis the default setting.
strict: use https to connect, verify the hostname and reject self-signed certificates. Using
strictrequires the use of
strict security the following
eMake command line options are used.
--emake-ssl-cacert=< path_to_PEM_file >
Path to the certificate authority bundle file. For example,
--emake-cm-keystore=< path_to_PEM_file >
Path to the combined certificate and keystore file used to identify eMake to the Cluster Manager. For example,
-emake-cm-allow=< acl >
List of common names or organizational units (or both) that eMake will accept in Cluster Manager certificates and thus permitted to connect to the Cluster Manager, where