• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 292
  • Last Modified:

SSL with RMI question: Do I need certs?

Hi Experts,

I'm using SSL for secure RMI communication using the SSLSockets and SSLServerSockets. In SSL hand shaking the authentication stage which uses Public Key cryptography, is optional. The public key is exchanged using certificates, these certs should be signed. I dont need to authenticate the server and dont want to have to get certs signed so what then is the most secure/best way then to implement SSL for RMI communication. How is the secret key for encryption shared between the client and server.

  • 2
1 Solution
If you want to disable authentication (and the requirement for signed keys) then you can select anonymous cipher suite.
That will provide you a secure channel without identifying and authentication the two sides.
There are many techniques to share private keys this way like Diffie-Hellman: http://www.google.com/search?hl=en&q=cryptography+key+exchange
For an example of how to do that have a look at: http://www.javakb.com/Uwe/Forum.aspx/java-security/117/SSL-for-Java-without-keystores
and take the last message in that thread.
CuchulanAuthor Commented:
Hi aozarov,

Forgot to award points for this.

Thanks :-)

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now