Enable secure RMI
Note: PPM does not enable SSL by default, because enabling it requires additional user-supplied information. However, we recommend that you enable it, especially in production environments, so that data in transit is encrypted. SSL protects sensitive information from eavesdropping, data tampering, and message forgery during transmission.
1. Create a keystore for SSL to use.
   You can use the Java keytool application to create a keystore. For information about the keytool application, see the Oracle documentation online.
   Use the keystore password that you use to run keytool to define the KEY_STORE_PASSWORD.
2. In the server.conf file, specify values for the following three parameters:
   - RMI_URL
   - Set the KEY_STORE_FILE parameter to point to the keystore file.
   - Set the KEY_STORE_PASSWORD to the keystore password you created in step 1. This password can be encrypted.
Example:
If you ran keytool to create the file security/keystore relative to the <PPM_Home> directory, and you used the password "welcome", ran on host "caboose", and listened on port 1099, your server.conf parameters would look as follows:
com.kintana.core.server.RMI_URL=rmis://caboose:1099/KintanaServer
com.kintana.core.server.KEY_STORE_FILE=security/keystore
com.kintana.core.server.KEY_STORE_PASSWORD=welcome
Note: It is not recommended to use self-signed certificates in production environments as they may negate the benefits of end-to-end security by decreasing the ability of a user to detect a man-in-the-middle (MITM) attack.
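A consistency check for the three server.conf parameters described above, as an added example that is not part of the PPM documentation or product. The function names and the constructed rmi:// URL in the failing sample are assumptions for illustration; the rule that a secure URL starts with rmis:// is inferred from the example on this page.

```python
import re
import tempfile
from pathlib import Path

PREFIX = "com.kintana.core.server."
REQUIRED = ("RMI_URL", "KEY_STORE_FILE", "KEY_STORE_PASSWORD")


def parse_server_conf(text):
    """Return {short_name: value} for com.kintana.core.server.* lines."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(PREFIX) and "=" in line:
            key, value = line.split("=", 1)
            params[key.strip()[len(PREFIX):]] = value.strip()
    return params


def check_secure_rmi(conf_text, ppm_home):
    """Return a list of findings; an empty list means the settings are consistent."""
    params = parse_server_conf(conf_text)
    findings = [f"{name} is not set" for name in REQUIRED if not params.get(name)]
    url = params.get("RMI_URL", "")
    # Assumption: secure RMI is selected by the rmis:// scheme, as in the page's example.
    if url and not re.match(r"^rmis://[^/:]+:\d+/", url):
        findings.append("RMI_URL does not use the rmis:// scheme")
    store = params.get("KEY_STORE_FILE", "")
    # A relative KEY_STORE_FILE is resolved against <PPM_Home>, as in the page's example.
    if store and not (Path(ppm_home) / store).is_file():
        findings.append(f"keystore file not found: {store}")
    return findings


def demo():
    """Run the check on constructed sample configurations in a temporary PPM home."""
    good = "\n".join([
        PREFIX + "RMI_URL=rmis://caboose:1099/KintanaServer",
        PREFIX + "KEY_STORE_FILE=security/keystore",
        PREFIX + "KEY_STORE_PASSWORD=welcome",
    ])
    bad = PREFIX + "RMI_URL=rmi://caboose:1099/KintanaServer\n"  # constructed sample
    with tempfile.TemporaryDirectory() as home:
        (Path(home) / "security").mkdir()
        (Path(home) / "security" / "keystore").write_bytes(b"constructed placeholder")
        return check_secure_rmi(good, home), check_secure_rmi(bad, home)


if __name__ == "__main__":
    for findings in demo():
        print(findings or "OK")
```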