I'm using SSL for secure RMI communication using the SSLSockets and SSLServerSockets. In SSL hand shaking the authentication stage which uses Public Key cryptography, is optional. The public key is exchanged using certificates, these certs should be signed. I dont need to authenticate the server and dont want to have to get certs signed so what then is the most secure/best way then to implement SSL for RMI communication. How is the secret key for encryption shared between the client and server.