You can secure RMI communications by transmitting them over SSL. The Oracle ATG Web Commerce platform includes a class, atg.net.ssl.SSLRMISocketFactory, for creating secure sockets for RMI, and a Nucleus component that is an instance of this class, /atg/dynamo/service/socket/. To enable RMI over SSL, set the
SSLRMISocketFactoryRMISocketFactory property of the /atg/dynamo/server/RmiInitialization component to point to the SSLRMISocketFactory component:
RMISocketFactory=/atg/dynamo/service/socket/SSLRMISocketFactoryTo use RMI over SSL, configure public and private keys and wrap the public key in a self-signed certificate. Use the keytool utility to generate a new private key and public key, and wrap the public key into a new self-signed certificate.
Create a key store and trust store for each server.
Use the JDK
keytoolutility with the–genkeyflag to generate a new self-signed certificate that wraps the public key.Import the certificate into the trust store of each server.
Configure the
/atg/dynamo/security/BasicSSLConfigurationcomponent on each server. You must set thekeyStoreandtrustStoreproperties to point to your new key store and trust store file locations. You must also set thekeyStorePasswordandtrustStorePasswordproperties to the values that you used when creating the key store and trust store.
For more information about SSL keys and certificates, and for documentation about the Java Secure Socket Extension (JSSE) APIs, see the Oracle Web site.
