By default, the interconnection between Rhino and a management client uses the Secure Sockets Layer (SSL) protocol.

(You can disable SSL by editing the JMX Remote Adaptor m-let configuration.)

Note
How does SSL work?

An SSL connection for sending data protects it by using encryption, which prevents eavesdropping and tampering. SSL uses a cryptographic system that doubly encrypts the data, with both a public key known to everyone and a private (or "secret") key known only to the recipient of the message.

For more about SSL, please see SSL Certificates HOWTO from the Linux Documentation Project, and Java SE Security Documentation from Oracle.

Below are descriptions of Rhino SSL keystores and using the keytool utility to manage them.

SSL in Rhino

Several keystores store the keys Rhino uses during user authentication. For example, a Rhino SDK installation includes:

Keystore Used by…​ To…​
 $RHINO_HOME/rhino-public.keystore

clients

identify themselves, and confirm the server’s identity

 $RHINO_HOME/rhino-private.keystore

Rhino

identify itself, confirm a client’s identity

 $RHINO_HOME/client/rhino-public.keystore

Rhino OA&M clients (like command line console)

duplicate $RHINO_HOME/rhino-public.keystore (this is a copy of that), when copying the client directory to another location

Tip The installation process generates keystores, keys, and certificates for Rhino.

Using keytool to manage keystores

You can use keytool to manage keystores. For example:

$ keytool -list -keystore rhino-public.keystore
Enter keystore password:  <password>

Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 2 entries

jmxr-ssl-client, Apr 25, 2020, PrivateKeyEntry,
Certificate fingerprint (SHA-256): B4:5A:4E:E3:B8:73:22:C4:94:1C:C7:B7:B5:B0:BF:7E:06:B2:68:D3:D3:21:A4:98:63:2A:12:9B:53:FB:9F:C3
jmxr-ssl-server, Apr 29, 2020, trustedCertEntry,
Certificate fingerprint (SHA-256): BE:B8:00:AD:8B:5E:B3:0D:D5:5A:4B:61:AE:7B:36:F9:CD:DE:8D:8F:98:5A:13:3E:F7:27:C4:D9:D9:89:BA:F7
Note
Change the default passphrase

Rhino keystores and keys have a default passphrase of changeit. As the name suggests, Metaswitch recommends changing it, for example with keytool:

keytool -storepasswd -keystore rhino-public.keystore
Previous page Next page
Rhino Version 3.1