To enable secure RMI for register-to-store server communication:
Prepare the Key Store and truststores using the keytool utility described in Appendix E.
For the store server, add the following properties to the
<pos_install_directory>\server\pos\config\
file:
posfoundation.properties
EnabledCipherSuites=
<cipher_suites_to_use>
For example:
EnabledCipherSuites=TLS_RSA_WITH_RC4_128_SHA
If the EnabledCipherSuites property is not defined, the defaults are used.
Note: It is recommended that the default cipher suites provided by Java are used. |
EncryptValets=true
This causes the RMI communication between Manager/Technician pairs to be secured.
javax.net.ssl.keyStore=$KEYSTORE_FILE$
This points to the Key Store that contains the private keys and public certificates for the server. For example:
javax.net.ssl.keyStore=$JAVA_HOME\\jre\\lib\\security\\<keystore_name>
javax.net.ssl.keyStorePassword=!$KEYSTORE_PASSWORD$
This is the encrypted password for the Key Store. For example:
javax.net.ssl.keyStorePassword=!changeit
Note: The Key Store password follows the same convention for encryption as the other passwords. |
For the register, add the following properties to the
<pos_install_directory>client\pos\config\
file:
posfoundation.properties
EnabledCipherSuites=
<cipher_suites_to_use>
Note: The cipher suites selected for the register have to match the ones selected for the store server. |
EncryptValets=true
This causes the RMI communication between Manager/Technician pairs to be secured.
javax.net.ssl.trustStore=$TRUSTSTORE_FILE$
This points to the trust store that contains the public certificates for the client. For example:
javax.net.ssl.trustStore=$JAVA_HOME\jre\lib\security\<truststore_name>
Note: A trust store does not need to be defined in theposfoundation.properties file if certificates are imported into cacerts or jssecacerts . It is recommended that cacerts or jssecacerts is used. |