I've setup gemfire.properties to make the web component require SSL using ssl-enabled-components=web and setting up a keystore. The locator and server are starting ok and GFSH connects to the JMX manager. However, when I try and start the Swagger UI then I am getting ERR_SSL_VERSION_OR_CIPHER_MISMATCH. It happens when the config is that ssl-ciphers= and ssl-protocols= or set to any...

So what's the required REST API cipher for Apache Geode? Thanks

I tested this with a basic cert created with the following:

keytool -genkeypair -alias self -dname "CN=trusted" \
  -validity 3650 -keypass password -keystore ./trusted.keystore \
  -storepass password -storetype JKS

It failed in the way you describe. I recreated the cert and used a different key algorithm with -keyalg EC and then worked. I'll see if I can give a more detailed explanation at some point.

UPDATE:

I'm using Mac OS and my /Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/lib/security/java.security file contains the following restriction for certificates:

jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
  DSA keySize < 1024, EC keySize < 224

With -keyalg EC, the generated certificate is signed with SHA256withECDSA, but without that option it is signed with SHA1withDSA, so not acceptable.

For the signed SSL certificate I had to go through this process using openssl to generate a pfx file, and then this process to import that pfx into the java keystore, with the -keyalg EC flag. The Swagger then works fine using HTTPS.