By default, the interconnection between Rhino and a management client uses the Secure Sockets Layer (SSL) protocol.

(You can disable SSL by editing the JMX Remote Adaptor m-let configuration.)

How does SSL work?

An SSL connection for sending data protects it by using encryption, which prevents eavesdropping and tampering. SSL uses a cryptographic system that doubly encrypts the data, with both a public key known to everyone and a private (or "secret") key known only to the recipient of the message.

For more about SSL, please see SSL Certificates HOWTO from the Linux Documentation Project, and Java SE Security Documentation from Oracle.

Below are descriptions of Rhino SSL keystores and using the keytool utility to manage them.

SSL in Rhino

Several keystores store the keys Rhino uses during user authentication. For example, a Rhino SDK installation includes:

Keystore Used by…​ To…​


identify themselves, and confirm the server’s identity



identify itself, confirm a client’s identity


Rhino OA&M clients (like command line console)

duplicate $RHINO_HOME/rhino-public.keystore (this is a copy of that), when copying the client directory to another location

Tip The installation process generates keystores, keys, and certificates for Rhino.

Using keytool to manage keystores

You can use keytool to manage keystores. For example:

$ keytool -list -keystore rhino-public.keystore
Enter keystore password:  <password>

Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

jmxr-ssl-server, Jul 2, 2008, trustedCertEntry,
Certificate fingerprint (MD5): 8F:A4:F1:68:59:DC:66:C0:67:D8:91:C8:18:F5:C7:14
jmxr-ssl-client, Jul 2, 2008, keyEntry,
Certificate fingerprint (MD5): 99:8F:53:66:D9:BD:AE:3C:86:9C:0F:CD:42:6F:DA:83
Change the default passphrase

Rhino keystores and keys have a default passphrase of changeit. As the name suggests, OpenCloud recommends changing it, for example with keytool:

keytool -storepasswd -keystore rhino-public.keystore
Previous page Next page
Rhino Version 2.7.0