Enable secure RMI
Note: PPM does not enable SSL by default, for enabling it requires other user information. However, we recommend that you enable it, especially in production environment, to make sure data being transmitted is encrypted. The use of SSL protects sensitive information from the risk of eavesdropping, data tampering, or message forgery in the process of transmitting.
-
Create a keystore for SSL to use.
You can use the Java keytool application to create a keystore. For information about the keytool application, see the Oracle documentation online.
Use the keystore password that you use to run keytool to define the
KEY_STORE_PASSWORD
. -
In the
server.conf
file, specify values for the following three parameters:-
RMI_URL
-
Set the
KEY_STORE_FILE
parameter to point to the keystore file. -
Set the
KEY_STORE_PASSWORD
to the keystore password you created in step 1. This password can be encrypted.
-
Example: Example
If you ran keytool to create the file security/keystore
relative to the <PPM_Home>
directory, and you used the password "welcome", ran on host "caboose", and listened on port 1099, your server.conf
parameters would look as follows:
com.kintana.core.server.RMI_URL=rmis://caboose:1099/KintanaServer
com.kintana.core.server.KEY_STORE_FILE=security/keystore
com.kintana.core.server.KEY_STORE_PASSWORD=welcome
Note: Micro Focus does not recommend using self-signed certificates in production environments as they may negate the benefits of end-to-end security by decreasing the ability of a user to detect a man-in-the-middle (MITM) attack.