1. Installation Guide
  2. Typical Installation
  3. Configure RMI Over SSL

Configure RMI Over SSL

Configure RMI over SSL to secure the RMI ports 1099 and 1098 using SSL connections.

  1. Note:

    Support for RMI over SSL is available from the SDM 9.0.1 release.
    Select option 5, RMI Over SSL. Press Enter to continue.
  2. You are prompted to provide the certificates using any one of the options:
    1. Upload CA Certificate [Default].
    2. Self-signed certificate
  3. Enter 1 to select the first option - Upload CA Certificate [Default]. This option allows you to use the CA signed certificates. Provide the information as listed in the table.
    1. Private Key file - Complete file path of the CA signed private key file of type X.509 certificate.
    2. Certificate file - Complete file path of the CA signed certificate file of type X.509 certificate.
    3. Certificate alias name with the default value “nncentral”.
    4. Truststore password - Password that provides write protection to the truststore where the X.509 certificates are kept. The X.509 certificates are used in many internet protocols, including TLS/SSL. Truststore password must be at least 6 characters.
      The uploaded certificates are used to generate the truststore by using a keytool command and if the certificate uploaded is invalid, the execution of keytool command fails and an error is shown at the end of this option workflow. The certificates generated are stored under the location /AcmePacket/NNC90_1/ssl/RMI/ and is configured at the JVM level to establish RMI calls over SSL.
  4. Enter 2 to select the option Self-Signed. Provide information as listed below:
    1. Certificate alias name [rminncentral] - Certificate alias name with default value “nncentral”.
    2. Truststore password - Password which provides write- protection to the truststore where the X.509 certificates are kept. The X.509 certificates are used in many internet protocols, including TLS/SSL. The Truststore password must be at least 6 characters.
      After you provide the information, the server private key, server CSR file, server certificate file and Truststore certificates are generated using the openssl and keytool’ command. All certificates generated are stored under the location /AcmePacket/NNC90_1/ssl/RMI/. The generated truststore certificate and password are configured at the JVM level to establish the RMI calls over SSL.