Scott, Just so you know, certificate signing / chains are not required.
Best of luck with it. - Andrew On Mon, 2006-07-10 at 18:16 +1200, Scott Gray wrote: > Hi Andrew > > Thanks for the advice, i had figured most of it out already but couldn't > quite get there. I wasn't sure what to do with ofbiztrust.jks as it > looked like ofbizrmi.jks and ofbizcerts.jks covered the keys i needed. > I deleted the respective client/server trustcerts and keys from those 2 > keystores and then created new keys and exported the public certs, but > that didn't work. When it looked like i needed to start signing the > keys (because the default ones have a cert chain?) thats when i gave up. > > But anyway all i wanted to do was have a go with rmi and see how i could > get it to do a few things i need doing, production isn't even a dot on > the horizon at this stage. > > Thanks for your help > Scott > > > Andrew Sykes wrote: > > Scott, > > > > You really don't want to use the SSL cert straight out of SVN, as this > > would allow anyone else with a default cert to connect to your server. > > > > It's we'll worth looking at the instructions to make sure you can > > generate certs for yourself. > > > > One hint though, you need to have the ofbizrmi.jks and ofbiztrust.jks > > setup at both ends. > > > > For testing, the easiest way is to create a certificate export it to the > > trust store and then just copy both these files to the other instance. > > > > For production, remember that the truststore of the "client" would hold > > the public key exported from the keystore of the "server". Conversely > > the truststore of the "server" would hold the public key exported from > > the keystore of the "client". > > > > Making the keystore and truststore identical on both sides makes life a > > bit easier for testing, but make sure you toughen things up before you > > go into production!!! > > > > - Andrew > > > > On Sun, 2006-07-09 at 16:18 +1200, Scott Gray wrote: > > > >> I'm trying to use the ExampleRemoteClient in > >> framework/service/src/org/ofbiz/service/rmi but the client won't connect > >> because the rmi server certificate has expired and i dont know how to > >> replace it. I was hoping someone who knew how could replace it in the svn. > >> > >> BJ Freeman wrote: > >> > >>> at what level. > >>> how to replace the JKS or how to create the JKS > >>> if you look in the base/config you will see all the jks file including > >>> the rmi. > >>> > >>> > >>> Scott Gray sent the following on 7/8/2006 8:54 PM: > >>> > >>>> Hi BJ > >>>> > >>>> I saw the thread when it came through, that's what made me want to > >>>> take a look at rmi. The thread didn't seem to have anything to do > >>>> with expired certificates though, and that's what i was hoping > >>>> someone who knows how could do, replace the expired rmi server > >>>> certificate. > >>>> I also saw Andrew's discussion with David and Andy on the old list > >>>> from a year or two ago, but that didn't help me much either. > >>>> > >>>> Regards > >>>> Scott > >>>> > >>>> BJ Freeman wrote: > >>>> > >>>>> there was a discussion last few days in the user mailing list about RMI > >>>>> Brett palmer gave some details. > >>>>> > >>>>> > >>>>> Scott Gray sent the following on 7/8/2006 8:19 PM: > >>>>> > >>>>>> Hi All > >>>>>> > >>>>>> I was wondering if anybody who knows how to do it, would mind > >>>>>> updating the ssl certs for the rmi server? I've been staring at > >>>>>> the files for most of the day but i really have no idea about ssl, > >>>>>> and what was going to be a quick browse through rmi is turning into > >>>>>> a long browse through ssl. Any help would be appreciated. > >>>>>> > >>>>>> Thanks > >>>>>> Scott > >>>>>> > >>>>>> -- Kind Regards Andrew Sykes <[EMAIL PROTECTED]> Sykes Development Ltd http://www.sykesdevelopment.com
