Enable secure RMI
Note: PPM does not enable SSL by default, for enabling it requires other user information. However, we recommend that you enable it, especially in production environment, to make sure data being transmitted is encrypted. The use of SSL protects sensitive information from the risk of eavesdropping, data tampering, or message forgery in the process of transmitting.
Create a keystore for SSL to use.
You can use the Java keytool application to create a keystore. For information about the keytool application, see the Oracle documentation online.
Use the keystore password that you use to run keytool to define the
server.conffile, specify values for the following three parameters:
KEY_STORE_FILEparameter to point to the keystore file.
KEY_STORE_PASSWORDto the keystore password you created in step 1. This password can be encrypted.
If you ran keytool to create the file
security/keystore relative to the
<PPM_Home> directory, and you used the password "welcome", ran on host "caboose", and listened on port 1099, your
server.conf parameters would look as follows:
Note: It is not recommended to use self-signed certificates in production environments as they may negate the benefits of end-to-end security by decreasing the ability of a user to detect a man-in-the-middle (MITM) attack.