org.apache.thrift.transport.TTransportException: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection? - cassandra

I am trying to enable node-to-node and client-to-node SSL encryption in DataStax DSE 3.2.3. First I tried to enable node-to-node; it worked fine and started without any error. Then I added the client-to-node encryption options in the cassandra.yaml file, and it started throwing errors:
ERROR [Thrift:1] 2014-01-15 16:22:22,628 TNegotiatingServerTransport.java (line 524) Failed to open server transport.
org.apache.thrift.transport.TTransportException: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at org.apache.thrift.transport.TIOStreamTransport.read(TIOStreamTransport.java:129)
at com.datastax.bdp.transport.server.TPreviewableTransport.readUntilEof(TPreviewableTransport.java:79)
at com.datastax.bdp.transport.server.TPreviewableTransport.preview(TPreviewableTransport.java:55)
at com.datastax.bdp.transport.server.TNegotiatingServerTransport.open(TNegotiatingServerTransport.java:189)
at com.datastax.bdp.transport.server.TNegotiatingServerTransport$Factory.getTransport(TNegotiatingServerTransport.java:517)
at com.datastax.bdp.transport.server.TNegotiatingServerTransport$Factory.getTransport(TNegotiatingServerTransport.java:408)
at org.apache.cassandra.thrift.CustomTThreadPoolServer$WorkerProcess.run(CustomTThreadPoolServer.java:193)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:724)
Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:671)
at sun.security.ssl.InputRecord.read(InputRecord.java:504)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:882)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)
at java.io.BufferedInputStream.read1(BufferedInputStream.java:275)
at java.io.BufferedInputStream.read(BufferedInputStream.java:334)
at org.apache.thrift.transport.TIOStreamTransport.read(TIOStreamTransport.java:127)
... 9 more
DEBUG [WRITE-/x.x.x.x] 2014-01-15 16:22:27,586 OutboundTcpConnection.java (line 294) attempting to connect to /x.x.x.x
DEBUG [WRITE-/x.x.x.x] 2014-01-15 16:22:28,508 OutboundTcpConnection.java (line 294) attempting to connect to /x.x.x.x
ERROR [Thrift:2] 2014-01-15 16:22:32,926 TNegotiatingServerTransport.java (line 524) Failed to open server transport.
org.apache.thrift.transport.TTransportException: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at org.apache.thrift.transport.TIOStreamTransport.read(TIOStreamTransport.java:129)
at com.datastax.bdp.transport.server.TPreviewableTransport.readUntilEof(TPreviewableTransport.java:79)
at com.datastax.bdp.transport.server.TPreviewableTransport.preview(TPreviewableTransport.java:55)
at com.datastax.bdp.transport.server.TNegotiatingServerTransport.open(TNegotiatingServerTransport.java:189)
at com.datastax.bdp.transport.server.TNegotiatingServerTransport$Factory.getTransport(TNegotiatingServerTransport.java:517)
at com.datastax.bdp.transport.server.TNegotiatingServerTransport$Factory.getTransport(TNegotiatingServerTransport.java:408)
at org.apache.cassandra.thrift.CustomTThreadPoolServer$WorkerProcess.run(CustomTThreadPoolServer.java:193)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:724)
Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:671)
at sun.security.ssl.InputRecord.read(InputRecord.java:504)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:882)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)
at java.io.BufferedInputStream.read1(BufferedInputStream.java:275)
at java.io.BufferedInputStream.read(BufferedInputStream.java:334)
at org.apache.thrift.transport.TIOStreamTransport.read(TIOStreamTransport.java:127)
... 9 more
My cassandra.yaml file looks like this.
server_encryption_options:
    internode_encryption: all
    keystore: /path/to/.keystore
    keystore_password: xxxxx
    truststore: /path/to/.truststore
    truststore_password: xxxxx
client_encryption_options:
    enabled: true
    keystore: /path/to/.keystore
    keystore_password: xxxxx
    truststore: /path/to/.truststore
    truststore_password: xxxxx
    protocol: ssl
    store_type: JKS
    cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA]

This error means that you have a client which is attempting to open an unencrypted connection.
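
To confirm this from a packet capture or a socket dump, the first bytes a client sends can be classified. The following is an added example, not part of the original answer; the sample byte strings are constructed, and the Thrift check assumes the framed transport with the strict binary protocol.

```java
import java.nio.charset.StandardCharsets;

public class FirstBytesCheck {

    /** Classify the first bytes a listening socket received from a client. */
    static String classify(byte[] b) {
        if (b.length < 6) {
            return "too short to classify";
        }
        int type = b[0] & 0xff;
        int major = b[1] & 0xff;
        int recordLen = ((b[3] & 0xff) << 8) | (b[4] & 0xff);
        // TLS record header: content type 20..23, version 3.x, 2-byte length
        // (at most 2^14 + 2048 for a protected record).
        if (type >= 20 && type <= 23 && major == 3 && recordLen <= 16384 + 2048) {
            return type == 22 ? "TLS handshake record" : "TLS record, content type " + type;
        }
        // SSLv2-format ClientHello: high bit set in the first length byte, message type 1.
        if ((b[0] & 0x80) != 0 && b[2] == 1) {
            return "SSLv2-format ClientHello";
        }
        // Framed Thrift: 4-byte big-endian frame length, then the strict
        // binary protocol version bytes 0x80 0x01.
        if (b[0] == 0 && (b[4] & 0xff) == 0x80 && b[5] == 0x01) {
            return "plaintext framed Thrift message";
        }
        boolean ascii = true;
        for (byte x : b) {
            // Bytes >= 0x80 are negative in Java and fail this test as well.
            if (x < 0x20 && x != '\r' && x != '\n' && x != '\t') {
                ascii = false;
            }
        }
        return ascii
                ? "plaintext ASCII: " + new String(b, StandardCharsets.US_ASCII).trim()
                : "unrecognized";
    }

    public static void main(String[] args) {
        // Constructed samples, not captured traffic.
        byte[] tlsHello = {0x16, 0x03, 0x01, 0x00, (byte) 0xc8,
                           0x01, 0x00, 0x00, (byte) 0xc4, 0x03, 0x03};
        byte[] thriftCall = {0x00, 0x00, 0x00, 0x2f, (byte) 0x80, 0x01,
                             0x00, 0x01, 0x00, 0x00, 0x00, 0x10};
        byte[] http = "GET / HTTP/1.1\r\n".getBytes(StandardCharsets.US_ASCII);

        System.out.println("TLS client:    " + classify(tlsHello));
        System.out.println("Thrift client: " + classify(thriftCall));
        System.out.println("HTTP client:   " + classify(http));
    }
}
```

A client that shows up as plaintext Thrift on a port with client_encryption_options enabled is the one that still needs its SSL settings.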

Related

java.lang.RuntimeException: Error in receiving when wso2esb connect with remote msmq

I have connected MSMQ with WSO2 ESB in a local environment. After connecting with the remote MSMQ I can send a message to it. But when I receive data by listening, the following error occurs:
java.lang.RuntimeException: Error in receiving
at org.apache.camel.component.msmq.native_support.msmq_native_supportJNI.MsmqQueue_receiveMessage(Native Method)
at org.apache.camel.component.msmq.native_support.MsmqQueue.receiveMessage(MsmqQueue.java:51)
at org.apache.axis2.transport.msmq.util.MSMQCamelClient.receive(MSMQCamelClient.java:40)
at org.apache.axis2.transport.msmq.ServiceTaskManager$MessageListenerTask.run(ServiceTaskManager.java:218)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)

Mixed load cassandra-stress test

I need some help regarding Cassandra stress testing. I have installed the cassandra-stress 2.1 tool from the DataStax website. I want to do read+write stress testing in the ratio of 10:1, using 15 threads. I somehow can't get it to work. I am able to successfully do the read and write testing separately.
Command I am using:
./cassandra-stress mixed ratio(write=1,read=10) n=10000 cl=ONE -port thrift=9160 -schema keyspace="Keyspace1" -mode thrift smart -rate threads>=15 threads<=15 -node 192.168.5.10
Even though I specify the port as 9160, it is using the native 9042 port.
I am getting the following error:
ERROR 18:03:07 Error creating pool to /192.168.5.11:9042
com.datastax.driver.core.TransportException: [/192.168.5.11:9042] Cannot connect
at com.datastax.driver.core.Connection.<init>(Connection.java:106) ~[cassandra-driver-core-2.1.2.jar:na]
at com.datastax.driver.core.PooledConnection.<init>(PooledConnection.java:32) ~[cassandra-driver-core-2.1.2.jar:na]
at com.datastax.driver.core.Connection$Factory.open(Connection.java:521) ~[cassandra-driver-core-2.1.2.jar:na]
at com.datastax.driver.core.DynamicConnectionPool.<init>(DynamicConnectionPool.java:73) ~[cassandra-driver-core-2.1.2.jar:na]
at com.datastax.driver.core.HostConnectionPool.newInstance(HostConnectionPool.java:33) ~[cassandra-driver-core-2.1.2.jar:na]
at com.datastax.driver.core.SessionManager.replacePool(SessionManager.java:239) ~[cassandra-driver-core-2.1.2.jar:na]
at com.datastax.driver.core.SessionManager.access$400(SessionManager.java:39) ~[cassandra-driver-core-2.1.2.jar:na]
at com.datastax.driver.core.SessionManager$3.call(SessionManager.java:272) [cassandra-driver-core-2.1.2.jar:na]
at com.datastax.driver.core.SessionManager$3.call(SessionManager.java:264) [cassandra-driver-core-2.1.2.jar:na]
at java.util.concurrent.FutureTask.run(FutureTask.java:262) [na:1.7.0_72]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_72]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_72]
at java.lang.Thread.run(Thread.java:745) [na:1.7.0_72]
Caused by: org.jboss.netty.channel.ConnectTimeoutException: connection timed out: /192.168.5.11:9042
at org.jboss.netty.channel.socket.nio.NioClientBoss.processConnectTimeout(NioClientBoss.java:137) ~[netty-3.9.0.Final.jar:na]
at org.jboss.netty.channel.socket.nio.NioClientBoss.process(NioClientBoss.java:83) ~[netty-3.9.0.Final.jar:na]
at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:318) ~[netty-3.9.0.Final.jar:na]
at org.jboss.netty.channel.socket.nio.NioClientBoss.run(NioClientBoss.java:42) ~[netty-3.9.0.Final.jar:na]
... 3 common frames omitted
ERROR 18:03:12 Error creating pool to /192.168.5.13:9042
com.datastax.driver.core.TransportException: [/192.168.5.13:9042] Cannot connect
at com.datastax.driver.core.Connection.<init>(Connection.java:106) ~[cassandra-driver-core-2.1.2.jar:na]
at com.datastax.driver.core.PooledConnection.<init>(PooledConnection.java:32) ~[cassandra-driver-core-2.1.2.jar:na]
at com.datastax.driver.core.Connection$Factory.open(Connection.java:521) ~[cassandra-driver-core-2.1.2.jar:na]
at com.datastax.driver.core.DynamicConnectionPool.<init>(DynamicConnectionPool.java:73) ~[cassandra-driver-core-2.1.2.jar:na]
at com.datastax.driver.core.HostConnectionPool.newInstance(HostConnectionPool.java:33) ~[cassandra-driver-core-2.1.2.jar:na]
at com.datastax.driver.core.SessionManager.replacePool(SessionManager.java:239) ~[cassandra-driver-core-2.1.2.jar:na]
at com.datastax.driver.core.SessionManager.access$400(SessionManager.java:39) ~[cassandra-driver-core-2.1.2.jar:na]
at com.datastax.driver.core.SessionManager$3.call(SessionManager.java:272) [cassandra-driver-core-2.1.2.jar:na]
at com.datastax.driver.core.SessionManager$3.call(SessionManager.java:264) [cassandra-driver-core-2.1.2.jar:na]
at java.util.concurrent.FutureTask.run(FutureTask.java:262) [na:1.7.0_72]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_72]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_72]
at java.lang.Thread.run(Thread.java:745) [na:1.7.0_72]
Caused by: org.jboss.netty.channel.ConnectTimeoutException: connection timed out: /192.168.5.13:9042
at org.jboss.netty.channel.socket.nio.NioClientBoss.processConnectTimeout(NioClientBoss.java:137) ~[netty-3.9.0.Final.jar:na]
at org.jboss.netty.channel.socket.nio.NioClientBoss.process(NioClientBoss.java:83) ~[netty-3.9.0.Final.jar:na]
at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:318) ~[netty-3.9.0.Final.jar:na]
at org.jboss.netty.channel.socket.nio.NioClientBoss.run(NioClientBoss.java:42) ~[netty-3.9.0.Final.jar:na]
... 3 common frames omitted
You need to escape the shell metacharacters (parentheses and angle brackets in this case). Try this:
./cassandra-stress mixed ratio\(write=1,read=10\) n=10000 cl=ONE -port thrift=9160 -schema keyspace="Keyspace1" -mode thrift smart -rate threads\>=15 threads\<=15 -node 192.168.5.10

cassandra 1.2 error in startup with ssl enabled

I am using cassandra 1.2 datastax community edition. I am trying to enable the client_encryption_options and the server is not starting up. I am getting the below exception.
cassandra.yaml configuration
client_encryption_options:
    enabled: true
    keystore: C:/Projects/MainApp/cassandrakeystore.jks
    keystore_password: cassandra
    require_client_auth: true
    # Set trustore and truststore_password if require_client_auth is true
    truststore: C:/Projects/MainApp/cassandratruststore.jks
    truststore_password: cassandra
Exception on the startup
ERROR [main] 2014-07-08 10:41:09,006 CassandraDaemon.java (line 464) Exception encountered during startup
java.lang.RuntimeException: Unable to create thrift socket to localhost/127.0.0.1:9160
at org.apache.cassandra.thrift.CustomTThreadPoolServer$Factory.buildTServer(CustomTThreadPoolServer.java:267)
at org.apache.cassandra.thrift.TServerCustomFactory.buildTServer(TServerCustomFactory.java:46)
at org.apache.cassandra.thrift.ThriftServer$ThriftServerThread.<init>(ThriftServer.java:105)
at org.apache.cassandra.thrift.ThriftServer.start(ThriftServer.java:52)
at org.apache.cassandra.service.CassandraDaemon.start(CassandraDaemon.java:400)
at org.apache.cassandra.service.CassandraDaemon.activate(CassandraDaemon.java:460)
at org.apache.cassandra.service.CassandraDaemon.main(CassandraDaemon.java:490)
Caused by: org.apache.thrift.transport.TTransportException: Could not bind to port 9160
at org.apache.thrift.transport.TSSLTransportFactory.createServer(TSSLTransportFactory.java:117)
at org.apache.thrift.transport.TSSLTransportFactory.getServerSocket(TSSLTransportFactory.java:103)
at org.apache.cassandra.thrift.CustomTThreadPoolServer$Factory.buildTServer(CustomTThreadPoolServer.java:257)
... 6 more
Caused by: java.lang.IllegalArgumentException: Cannot support TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA with currently installed providers
at com.sun.net.ssl.internal.ssl.CipherSuiteList.<init>(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.setEnabledCipherSuites(Unknown Source)
at org.apache.thrift.transport.TSSLTransportFactory.createServer(TSSLTransportFactory.java:113)
... 8 more
At a glance, the following line makes me think you need to install JCE:
Caused by: java.lang.IllegalArgumentException: Cannot support TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA with currently installed providers
See: http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
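
To see which suite names the running JVM can actually provide, the following added example (not part of the original answer) compares a list of names against the default SSLContext and prints the permitted AES key length, which is what the JCE policy files control. The default list is taken from the exception above and from the cipher_suites line quoted earlier on this page; pass other names as arguments.

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;

public class CipherSuiteCheck {

    /** Returns the requested suites that the default SSLContext of this JVM cannot provide. */
    static List<String> unsupported(String[] requested) throws NoSuchAlgorithmException {
        Set<String> supported = new HashSet<>(Arrays.asList(
                SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites()));
        List<String> missing = new ArrayList<>();
        for (String suite : requested) {
            if (!supported.contains(suite)) {
                missing.add(suite);
            }
        }
        return missing;
    }

    public static void main(String[] args) throws Exception {
        String[] requested = args.length > 0 ? args : new String[] {
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", // named in the exception
            "TLS_RSA_WITH_AES_128_CBC_SHA",       // from the cipher_suites line on this page
            "TLS_RSA_WITH_AES_256_CBC_SHA"
        };

        System.out.println("java.version       = " + System.getProperty("java.version"));
        // 128 with the limited policy files, Integer.MAX_VALUE with the unlimited ones.
        System.out.println("max AES key length = " + Cipher.getMaxAllowedKeyLength("AES"));

        List<String> missing = unsupported(requested);
        if (missing.isEmpty()) {
            System.out.println("all requested suites are supported by this JVM");
        } else {
            // Enabling any of these on a server socket fails with IllegalArgumentException.
            for (String suite : missing) {
                System.out.println("NOT SUPPORTED: " + suite);
            }
        }
    }
}
```

Run it with the same java binary that starts Cassandra, since the result depends on that JVM's installed providers and policy files.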

Setting up inter-node encryption in Cassandra

I am new to Cassandra and looking to set up internode encryption in Cassandra 1.2.8.
I have successfully created a keypair for the keystore and truststore following the steps outlined here:
http://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore
In the Cassandra.yaml file, I have adjusted the server encryption options to the following:
server_encryption_options:
    internode_encryption: all
    keystore: conf/keystore
    keystore_password: password
    truststore: conf/truststore
    truststore_password: password
However, when I start the Cassandra server, I receive the following error:
ERROR 18:49:20,883 Fatal configuration error
org.apache.cassandra.exceptions.ConfigurationException: Unable to create ssl socket
at org.apache.cassandra.net.MessagingService.getServerSocket(MessagingService.java:410)
at org.apache.cassandra.net.MessagingService.listen(MessagingService.java:390)
at org.apache.cassandra.service.StorageService.joinTokenRing(StorageService.java:589)
at org.apache.cassandra.service.StorageService.initServer(StorageService.java:554)
at org.apache.cassandra.service.StorageService.initServer(StorageService.java:451)
at org.apache.cassandra.service.CassandraDaemon.setup(CassandraDaemon.java:348)
at org.apache.cassandra.service.CassandraDaemon.activate(CassandraDaemon.java:447)
at org.apache.cassandra.service.CassandraDaemon.main(CassandraDaemon.java:490)
Caused by: java.io.IOException: Error creating the initializing the SSL Context
at org.apache.cassandra.security.SSLFactory.createSSLContext(SSLFactory.java:124)
at org.apache.cassandra.security.SSLFactory.getServerSocket(SSLFactory.java:53)
at org.apache.cassandra.net.MessagingService.getServerSocket(MessagingService.java:406)
... 7 more
Caused by: java.io.FileNotFoundException: conf\truststore\dev (The system cannot find the path specified)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(Unknown Source)
at java.io.FileInputStream.<init>(Unknown Source)
at org.apache.cassandra.security.SSLFactory.createSSLContext(SSLFactory.java:105)
... 9 more
Unable to create ssl socket
Fatal configuration error; unable to start server. See log for stacktrace.
ERROR 18:49:20,887 Exception in thread Thread[StorageServiceShutdownHook,5,main]
java.lang.NullPointerException
at org.apache.cassandra.service.StorageService.stopRPCServer(StorageService.java:321)
at org.apache.cassandra.service.StorageService.shutdownClientServers(StorageService.java:370)
at org.apache.cassandra.service.StorageService.access$000(StorageService.java:88)
at org.apache.cassandra.service.StorageService$1.runMayThrow(StorageService.java:519)
at org.apache.cassandra.utils.WrappedRunnable.run(WrappedRunnable.java:28)
at java.lang.Thread.run(Unknown Source)
Please note the server runs without issues if the server encryption options is set back to none. Any thoughts/guidance would be appreciated.
Read the exception carefully:
Caused by: java.io.FileNotFoundException: conf\truststore\dev
(The system cannot find the path specified)
You've created the key/trust stores but you haven't pointed cassandra to them. In cassandra.yaml you need to enable SSL but you also need to specify the path to these two files. E.g:
server_encryption_options:
    internode_encryption: all
    keystore: C:\some\location
    keystore_password: password
    truststore: C:\some\other\location
    truststore_password: password
Also remember to supply the key/trust store passwords instead of the example in cassandra.yaml.
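
A pre-flight check for the paths and passwords placed in cassandra.yaml, as an added example that is not part of the original answer. It assumes the JKS store type and takes path/password pairs on the command line, and it separates a path that does not resolve from a file that is not a JKS store or does not open with the given password.

```java
import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Collections;

public class KeystoreCheck {

    // Every JKS file starts with these four bytes.
    private static final int JKS_MAGIC = 0xFEEDFEED;

    static String check(String path, char[] password) {
        // A relative path such as conf/truststore is resolved against the
        // working directory of the process, so report the absolute form.
        File file = new File(path).getAbsoluteFile();
        if (!file.isFile()) {
            return file + ": not found or not a regular file";
        }
        try (DataInputStream in = new DataInputStream(new FileInputStream(file))) {
            int magic = in.readInt();
            if (magic != JKS_MAGIC) {
                return file + String.format(": not a JKS file (starts with 0x%08X)", magic);
            }
        } catch (IOException e) {
            return file + ": cannot read header: " + e;
        }
        try (FileInputStream in = new FileInputStream(file)) {
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(in, password); // also verifies the store's integrity hash
            int keys = 0;
            int certs = 0;
            for (String alias : Collections.list(ks.aliases())) {
                if (ks.isKeyEntry(alias)) {
                    keys++;
                } else if (ks.isCertificateEntry(alias)) {
                    certs++;
                }
            }
            return file + ": OK, " + keys + " key entries, " + certs + " trusted certificates";
        } catch (IOException | GeneralSecurityException e) {
            // Wrong password and truncated or altered files both end up here.
            return file + ": load failed: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        if (args.length == 0 || args.length % 2 != 0) {
            System.err.println("usage: java KeystoreCheck <path> <password> [<path> <password> ...]");
            return;
        }
        for (int i = 0; i < args.length; i += 2) {
            System.out.println(check(args[i], args[i + 1].toCharArray()));
        }
    }
}
```

Run it from the directory Cassandra is started from; a keystore should report at least one key entry and a truststore at least one trusted certificate.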

What do I need to get SSL sockets (SslRMIServerSocketFactory/SslRMIClientSocketFactory)?

Hi, basically I want to get SslRMIServerSocketFactory/SslRMIClientSocketFactory to secure my RMI calls. What is the common way to get these when client authentication is also necessary (keystores, certificates, ..)? What do I need to generate/ship?
edit: I successfully secured the communication now with RMI with server and client authentication and self-signed certificates. This works now on my machine. I submitted the certificates, truststores and keystores to the repository, but it won't work on other machines.
It was suggested that the migration broke the keystore, but I can't figure out why? Does anyone have an idea?
edit: Here is the complete stacktrace
java.rmi.ConnectIOException: Exception creating connection to: localhost; nested exception is:
java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
java.rmi.ConnectIOException: Exception creating connection to: localhost; nested exception is:
java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:614)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:198)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:184)
at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:322)
at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
at com.uc4.webui.sla.monitoring.SLAMonitoringAccessService.<init>(SLAMonitoringAccessService.java:40)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at org.eclipse.equinox.internal.ds.model.ServiceComponent.createInstance(ServiceComponent.java:457)
at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.createInstance(ServiceComponentProp.java:264)
at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.build(ServiceComponentProp.java:325)
at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponent(InstanceProcess.java:588)
at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponents(InstanceProcess.java:196)
at org.eclipse.equinox.internal.ds.Resolver.buildNewlySatisfied(Resolver.java:441)
at org.eclipse.equinox.internal.ds.Resolver.enableComponents(Resolver.java:213)
at org.eclipse.equinox.internal.ds.SCRManager.performWork(SCRManager.java:800)
at org.eclipse.equinox.internal.ds.SCRManager$QueuedJob.dispatch(SCRManager.java:767)
at org.eclipse.equinox.internal.ds.WorkThread.run(WorkThread.java:89)
at java.lang.Thread.run(Thread.java:662)
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
at javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:179)
at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:192)
at javax.rmi.ssl.SslRMIClientSocketFactory.createSocket(SslRMIClientSocketFactory.java:105)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:595)
... 22 more
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
at java.security.Provider$Service.newInstance(Provider.java:1245)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:220)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:147)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125)
at javax.net.ssl.SSLContext.getDefault(SSLContext.java:68)
at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:102)
at javax.rmi.ssl.SslRMIClientSocketFactory.getDefaultClientSocketFactory(SslRMIClientSocketFactory.java:192)
at javax.rmi.ssl.SslRMIClientSocketFactory.createSocket(SslRMIClientSocketFactory.java:102)
... 23 more
Caused by: java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:633)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
at java.security.KeyStore.load(KeyStore.java:1185)
at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.getDefaultKeyManager(DefaultSSLContextImpl.java:150)
at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.<init>(DefaultSSLContextImpl.java:40)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at java.security.Provider$Service.newInstance(Provider.java:1221)
... 30 more
My platform is Windows 7 and
java version "1.6.0_22"
Java(TM) SE Runtime Environment (build 1.6.0_22-b04)
Java HotSpot(TM) 64-Bit Server VM (build 17.1-b03, mixed mode)
Here are the keytool commands which I used for the generation:
keytool -genkeypair -keyalg RSA -validity 3650 -keystore bundlekeystore.jks
keytool -export -keystore bundlekeystore.jks -rfc -file bundlecertificate.cer
keytool -import -file standalonecertificate.cer -keystore truststore.jks
You need to export your remote objects using instances of each of those classes, configured appropriately according to your special requirements about enabled protocols and cipher suites if any.
Your server needs a private key and signed certificate in its keystore.
If it's a self-signed certificate, it needs to be exported from there and imported into the client's truststore.
Your client needs a private key and signed certificate in its keystore.
If it's a self-signed certificate, it needs to be exported from there and imported into the server's truststore.
If the certificates are signed by a recognized CA you can omit the parts involving truststores.
If your client has any special requirements about protocols or cipher suites it needs to set the system properties described for SslRMIClientSocketFactory.
If you also want a secure Registry you have to take several additional steps which I will post here if you ask, but they are fairly obvious if you have a look at the LocateRegistry.createRegistry()/getRegistry() overloads that take socket factory parameters.
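
The steps above put together, as an added example that is not part of the original answer: one class that runs as server or client, exports the remote object through both socket factories with client authentication required, and also secures the Registry through the LocateRegistry overloads mentioned. The Echo interface, the port and the keystore file names in the comments are hypothetical; the stores are assumed to have been built with keytool as in the question.

```java
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;

// Both sides read their stores from the standard JSSE system properties, e.g.
//   java -Djavax.net.ssl.keyStore=server-keystore.jks   -Djavax.net.ssl.keyStorePassword=...
//        -Djavax.net.ssl.trustStore=server-truststore.jks -Djavax.net.ssl.trustStorePassword=...
//        SecureRmiDemo server
//   java -Djavax.net.ssl.keyStore=client-keystore.jks   -Djavax.net.ssl.keyStorePassword=...
//        -Djavax.net.ssl.trustStore=client-truststore.jks -Djavax.net.ssl.trustStorePassword=...
//        SecureRmiDemo client
// (file names are placeholders)
public class SecureRmiDemo {

    /** Hypothetical remote interface used only for this example. */
    public interface Echo extends Remote {
        String echo(String text) throws RemoteException;
    }

    static class EchoImpl implements Echo {
        @Override
        public String echo(String text) {
            return "echo: " + text;
        }
    }

    private static final int REGISTRY_PORT = 1099;

    // Strong references so the exported objects are not garbage collected.
    private static Echo service;
    private static Registry registry;

    public static void main(String[] args) throws Exception {
        SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();

        if (args.length > 0 && args[0].equals("server")) {
            // null, null = default cipher suites and protocols; true = client must authenticate.
            SslRMIServerSocketFactory ssf = new SslRMIServerSocketFactory(null, null, true);

            service = new EchoImpl();
            Echo stub = (Echo) UnicastRemoteObject.exportObject(service, 0, csf, ssf);

            // The Registry itself is exported with the same factories.
            registry = LocateRegistry.createRegistry(REGISTRY_PORT, csf, ssf);
            registry.rebind("echo", stub);
            System.out.println("server ready on port " + REGISTRY_PORT);
        } else {
            // The client factory is needed here too, otherwise the lookup is sent in plaintext.
            Registry remote = LocateRegistry.getRegistry("localhost", REGISTRY_PORT, csf);
            Echo echo = (Echo) remote.lookup("echo");
            System.out.println(echo.echo("hello over TLS"));
        }
    }
}
```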
