I Appendix: Secure RMI

To enable secure RMI for register-to-store server communication:

Prepare the Key Store and truststores using the keytool utility described in Appendix E.
For the store server, add the following properties to the <pos_install_directory>\server\pos\config\ posfoundation.properties file:
- EnabledCipherSuites=<cipher_suites_to_use>
  
  For example:
```
EnabledCipherSuites=TLS_RSA_WITH_RC4_128_SHA
```
  If the EnabledCipherSuites property is not defined, the defaults are used.
  
  Note:
  It is recommended that the default cipher suites provided by Java are used.
- EncryptValets=true
  
  This causes the RMI communication between Manager/Technician pairs to be secured.
- javax.net.ssl.keyStore=$KEYSTORE_FILE$
  
  This points to the Key Store that contains the private keys and public certificates for the server. For example:
```
javax.net.ssl.keyStore=$JAVA_HOME\\jre\\lib\\security\\<keystore_name>
```
- javax.net.ssl.keyStorePassword=!$KEYSTORE_PASSWORD$
  
  This is the encrypted password for the Key Store. For example:
```
javax.net.ssl.keyStorePassword=!changeit
```
  Note:
  The Key Store password follows the same convention for encryption as the other passwords.

For the register, add the following properties to the <pos_install_directory>client\pos\config\ posfoundation.properties file:

EnabledCipherSuites=<cipher_suites_to_use>

Note:
The cipher suites selected for the register have to match the ones selected for the store server.
EncryptValets=true

This causes the RMI communication between Manager/Technician pairs to be secured.

javax.net.ssl.trustStore=$TRUSTSTORE_FILE$

This points to the trust store that contains the public certificates for the client. For example:

javax.net.ssl.trustStore=$JAVA_HOME\jre\lib\security\<truststore_name>

Note:

A trust store does not need to be defined in the posfoundation.properties file if certificates are imported into cacerts or jssecacerts. It is recommended that cacerts or jssecacerts is used.