You can secure RMI communications by transmitting them over SSL. The Oracle ATG Web Commerce platform includes a class, atg.net.ssl.SSLRMISocketFactory
, for creating secure sockets for RMI, and a Nucleus component that is an instance of this class, /atg/dynamo/service/socket/
. To enable RMI over SSL, set the
SSLRMISocketFactoryRMISocketFactory
property of the /atg/dynamo/server/RmiInitialization
component to point to the SSLRMISocketFactory
component:
RMISocketFactory=/atg/dynamo/service/socket/SSLRMISocketFactory
To use RMI over SSL, configure public and private keys and wrap the public key in a self-signed certificate. Use the keytool
utility to generate a new private key and public key, and wrap the public key into a new self-signed certificate.
Create a key store and trust store for each server.
Use the JDK
keytool
utility with the–genkey
flag to generate a new self-signed certificate that wraps the public key.Import the certificate into the trust store of each server.
Configure the
/atg/dynamo/security/BasicSSLConfiguration
component on each server. You must set thekeyStore
andtrustStore
properties to point to your new key store and trust store file locations. You must also set thekeyStorePassword
andtrustStorePassword
properties to the values that you used when creating the key store and trust store.
For more information about SSL keys and certificates, and for documentation about the Java Secure Socket Extension (JSSE) APIs, see the Oracle Web site.