Updated!
I'm getting an SSL handshake exception (javax.net.ssl.SSLHandshakeException: no cipher suites in common) when I try to run the server.
The remote method only adds two integers and should return the result.
This is the exception with the debug set to "all" (this is for academic purposes):
f4e@ubuntu:~/src$ java -cp /home/f4e/src:/home/f4e/public_html/classes/compute.jar -Djavax.net.debug=all JavaMainServer
keyStore is : /home/f4e/src/serverkeystore
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
***
found key for : server
chain [0] = [
[
Version: V3
Subject: CN=Server, OU=Security, O=UA, L=Aveiro, ST=Aveiro, C=PT
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 18523315733382648428919797254180215121918680143007156020237354938904591444431012172536331570011181574721085963241699242853767649174345376352591591448005435254849892937718191287509551368398704906969172147973698519659824622806121999239096092356467792628227325721217980719230231762025485862089668075844884800711903665577397049161291123872070216055386733370538028317923384382556173303479769656151061580819536871500370959735685963256143202392828062573471002182934694101563872088260168888834961204862115930106248918201069963020941120542510624155122918649342520758653875037471445162406226513752022792866552462931171741371669
public exponent: 65537
Validity: [From: Sun Oct 12 07:56:20 PDT 2014,
To: Mon Oct 12 07:56:20 PDT 2015]
Issuer: CN=Server, OU=Security, O=UA, L=Aveiro, ST=Aveiro, C=PT
SerialNumber: [ 66990436]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: AB FB BA 6D C8 1E 01 C7 AF E7 4D F4 EC A2 A5 68 ...m......M....h
0010: D0 86 49 74 ..It
]
]
]
Algorithm: [SHA256withRSA]
Signature:
]
***
trustStore is: /home/f4e/src/servertruststore
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=Server, OU=Security, O=UA, L=Aveiro, ST=Aveiro, C=PT
Issuer: CN=Server, OU=Security, O=UA, L=Aveiro, ST=Aveiro, C=PT
Algorithm: RSA; Serial number: 0x66990436
Valid from Sun Oct 12 07:56:20 PDT 2014 until Mon Oct 12 07:56:20 PDT 2015
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256%% No cached client session
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
*** ClientHello, TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
RandomCookie: GMT: 1413239130 bytes = { 57, 245, 243, 68, 249, 165, 71
, Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false115, 180, 83, 192, 38, 54
, 235, 78, 40, 111, 198, 229, 51, 146, 27, 87, 13, 33, 97, 134, 239 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
***
[write] MD5 and SHA1 hashes: len = 119
main, WRITE: TLSv1 Handshake, length = 119
[Raw write]: length = 124[Raw read]: length = 5
RMI TCP Connection(2)-192.168.190.129, READ: TLSv1 Handshake, length = 11900 02 01 00
*** ClientHello, TLSv1 ............
RandomCookie: GMT: 1413239130 bytes = { 57, 245, 243, 68, 249, 165, 71, 115, 180, 83, 192, 38, 54, 235, 78, 40, 111, 198, 229, 51, 146, 27, 87, 13, 33, 97, 134, 239 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
***
[read] MD5 and SHA1 hashes: len = 119
%% Initialized: [Session-2, SSL_NULL_WITH_NULL_NULL]
%% Invalidated: [Session-2, SSL_NULL_WITH_NULL_NULL]
RMI TCP Connection(2)-192.168.190.129, SEND TLSv1 ALERT: fatal, description = handshake_failure
RMI TCP Connection(2)-192.168.190.129, WRITE: TLSv1 Alert, length = 2
[Raw read]: length = 5
0000: 15 03 01 00 02 .....
[Raw read]: length = 2
0000: 02 28 .(
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
JavaMainServer exception
java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:304)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202)
at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:341)
at sun.rmi.registry.RegistryImpl_Stub.rebind(Unknown Source)
at JavaMainServer.main(JavaMainServer.java:38)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1959)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1077)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
at java.io.DataOutputStream.flush(DataOutputStream.java:123)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:229)
... 4 more
[Raw write]: length = 7
0000: 15 03 01 00 02 02 28 ......(
RMI TCP Connection(2)-192.168.190.129, called closeSocket()
RMI TCP Connection(2)-192.168.190.129, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common
RMI TCP Connection(2)-192.168.190.129, called close()
RMI TCP Connection(2)-192.168.190.129, called closeInternal(true)
These 3 .java files were UPDATED with the solution of my problem:
JavaMainServer.java
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;
import javax.rmi.ssl.SslRMIServerSocketFactory;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import java.rmi.RemoteException;
import java.net.*;
import java.util.*;

/**
 *
 * @author João
 */
public class JavaMainServer extends UnicastRemoteObject implements Compute {

    public JavaMainServer() throws RemoteException {
        // Export on an anonymous port over SSL. null, null = default cipher
        // suites and protocols; true = require client authentication.
        super(0,
              new SslRMIClientSocketFactory(),
              new SslRMIServerSocketFactory(null, null, true));
    }

    /**
     * @param args the command line arguments
     */
    public static void main(String[] args) {
        try {
            // The SSL system properties must be set before the first socket is created.
            setSettings();
            if (System.getSecurityManager() == null) {
                System.setSecurityManager(new SecurityManager());
            }
            String name = "Compute";
            Compute add = new JavaMainServer();
            // The registry itself listens over SSL, so it is contacted through an SSL client socket.
            Registry reg = LocateRegistry.getRegistry(null, 1099,
                    new SslRMIClientSocketFactory());
            reg.rebind(name, add);
            System.out.println("JavaMainServer bound");
        } catch (Exception e) {
            System.err.println("JavaMainServer exception");
            e.printStackTrace();
        }
    }

    private static void setSettings() {
        String pass = "ssfbpwks";
        System.setProperty("java.security.policy", "server.policy");
        System.setProperty("java.rmi.server.codebase", "http://ubuntu/~f4e/classes/compute.jar");
        System.setProperty("java.rmi.server.hostname", "192.168.190.129");
        // Keystore: this process's own key pair. Truststore: certificates of the peers it accepts.
        System.setProperty("javax.net.ssl.keyStore", "/home/f4e/src/serverkeystore");
        System.setProperty("javax.net.ssl.keyStorePassword", pass);
        System.setProperty("javax.net.ssl.trustStore", "/home/f4e/src/servertruststore");
        System.setProperty("javax.net.ssl.trustStorePassword", pass);
    }

    @Override
    public int addCalculation(int a, int b) {
        return a + b;
    }
}
JavaMainClient.java
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import javax.rmi.ssl.SslRMIServerSocketFactory;
import javax.rmi.ssl.SslRMIClientSocketFactory;

/**
 *
 * @author João
 */
public class JavaMainClient {

    /**
     * @param args the command line arguments
     */
    public static void main(String[] args) {
        try {
            // The SSL system properties must be set before the first socket is created.
            setSettings();
            if (System.getSecurityManager() == null) {
                System.setSecurityManager(new SecurityManager());
            }
            String name = "Compute";
            // args[0] is the registry host; the lookup goes over SSL.
            Registry reg = LocateRegistry.getRegistry(args[0], 1099,
                    new SslRMIClientSocketFactory());
            Compute comp = (Compute) reg.lookup(name);
            comp.addCalculation(Integer.parseInt(args[1]), Integer.parseInt(args[2]));
            System.out.println(comp.addCalculation(Integer.parseInt(args[1]),
                    Integer.parseInt(args[2])));
        } catch (Exception e) {
            System.err.println("JavaMainClient exception:");
            e.printStackTrace();
        }
    }

    private static void setSettings() {
        String pass = "csfbpwks";
        System.setProperty("java.security.policy", "client.policy");
        System.setProperty("java.rmi.server.codebase", "http://ubuntux/~f4e/classes/");
        // The client needs its own keystore because the server side requires client authentication.
        System.setProperty("javax.net.ssl.keyStore", "/home/f4e/src/clientkeystore");
        System.setProperty("javax.net.ssl.keyStorePassword", pass);
        System.setProperty("javax.net.ssl.trustStore", "/home/f4e/src/clienttruststore");
        System.setProperty("javax.net.ssl.trustStorePassword", pass);
    }
}
RmiRegistry.java
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;
import java.rmi.registry.LocateRegistry;

public class RmiRegistry {

    public static void main(String[] args) {
        try {
            // The registry is an SSL endpoint of its own, so it needs its own keystore and truststore.
            setSettings();
            // null, null = default cipher suites and protocols; true = require client authentication.
            LocateRegistry.createRegistry(1099, new SslRMIClientSocketFactory(),
                    new SslRMIServerSocketFactory(null, null, true));
            // Keep the JVM alive so the registry stays available.
            Thread.sleep(Long.MAX_VALUE);
        } catch (Exception e) {
            System.err.println("RmiRegistry exception:");
            e.printStackTrace();
        }
    }

    private static void setSettings() {
        String pass = "rsfbpwks";
        //System.setProperty("java.security.policy", "server.policy");
        System.setProperty("java.rmi.server.codebase", "http://ubuntu/~f4e/classes/compute.jar");
        System.setProperty("java.rmi.server.hostname", "192.168.190.129");
        System.setProperty("javax.net.ssl.keyStore", "/home/f4e/src/regkeystore");
        System.setProperty("javax.net.ssl.keyStorePassword", pass);
        System.setProperty("javax.net.ssl.trustStore", "/home/f4e/src/regtruststore");
        System.setProperty("javax.net.ssl.trustStorePassword", pass);
    }
}
I used the following UPDATED commands to create the keystores, certificates and truststores:
keytool -genkeypair -alias server -keyalg RSA -validity 365 -keystore serverkeystore
keytool -export -alias server -keystore serverkeystore -rfc -file server.cer
keytool -import -alias servercert -file server.cer -keystore servertruststore
keytool -genkeypair -alias client -keyalg RSA -validity 365 -keystore clientkeystore
keytool -export -alias client -keystore clientkeystore -rfc -file client.cer
keytool -import -alias clientcert -file client.cer -keystore clienttruststore
keytool -genkeypair -alias reg -keyalg RSA -validity 365 -keystore regkeystore
keytool -export -alias reg -keystore regkeystore -rfc -file reg.cer
keytool -import -alias regcert -file reg.cer -keystore regtruststore
keytool -import -alias regcert -file reg.cer -keystore servertruststore
keytool -import -alias clientcert -file client.cer -keystore servertruststore
keytool -import -alias regcert -file reg.cer -keystore clienttruststore
keytool -import -alias servercert -file server.cer -keystore clienttruststore
keytool -import -alias clientcert -file client.cer -keystore regtruststore
keytool -import -alias servercert -file server.cer -keystore regtruststore
Thank you for your help.
Okay, I ended up solving my own problem after thinking a bit (and I finally understood (I think) what is going on with SSL and certificates).
So, first of all, as I was running a custom RmiRegistry because of SSL, I needed to set those properties I set on JavaMainServer on the RmiRegistry and, of course, create a certificate, keystore and truststore for it as well.
After this I was getting a PKIX exception. After thinking a little bit, I realised that I had to import the JavaMainServer certificate to the RmiRegistry truststore and import the RmiRegistry certificate to the JavaMainServer truststore. Also, do the same between the client and the server. Previously I was importing the JavaMainClient certificate to the JavaMainClient truststore and the JavaMainServer certificate to the JavaMainServer truststore only, which was dumb, if I understood the mechanism correctly. Updated the question with my final code.
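The layout described in this answer can be checked before starting any of the three processes. The following is an added example, not the poster's code: it verifies that each party's keystore holds a private key and that each truststore contains the other two parties' certificates. It assumes Java 9 or later, the file names produced by the keytool commands above (`<party>keystore`, `<party>truststore`, `<party>.cer`) in one directory, and one password per party shared by its two stores; the class name `TrustMatrixCheck` is hypothetical.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collections;

/** Added example: checks the keystore/truststore layout built by the keytool commands. */
public class TrustMatrixCheck {
    // Party names follow the page's file naming (assumption: all files sit in one directory).
    static final String[] PARTIES = {"server", "client", "reg"};

    public static void main(String[] args) throws Exception {
        File dir = new File(args.length > 0 ? args[0] : ".");
        if (System.console() == null) {
            throw new IllegalStateException("run from a terminal so passwords can be prompted");
        }
        boolean ok = true;
        for (String party : PARTIES) {
            char[] pass = System.console().readPassword("Store password for %s: ", party);
            // KeyStore.getInstance(File, char[]) (Java 9+) detects JKS vs PKCS12 by itself.
            KeyStore keys = KeyStore.getInstance(new File(dir, party + "keystore"), pass);
            KeyStore trust = KeyStore.getInstance(new File(dir, party + "truststore"), pass);
            ok &= hasPrivateKey(party, keys);
            for (String peer : PARTIES) {
                if (!peer.equals(party)) {
                    ok &= trusts(party, trust, new File(dir, peer + ".cer"));
                }
            }
        }
        System.out.println(ok ? "Layout is consistent" : "Layout has gaps, see above");
    }

    /** An SSL endpoint whose keystore holds no private key has no certificate to present. */
    static boolean hasPrivateKey(String party, KeyStore keys) throws Exception {
        for (String alias : Collections.list(keys.aliases())) {
            if (keys.isKeyEntry(alias)) {
                return true;
            }
        }
        System.out.println(party + "keystore: no private key entry");
        return false;
    }

    /** With self-signed certificates, the peer's exact certificate must be in the truststore. */
    static boolean trusts(String party, KeyStore trust, File peerCert) throws Exception {
        try (InputStream in = new FileInputStream(peerCert)) {
            Certificate cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
            if (trust.getCertificateAlias(cert) != null) {
                return true;
            }
        }
        System.out.println(party + "truststore: missing " + peerCert.getName()
                + " (handshake with that peer fails certificate validation)");
        return false;
    }
}
```

Run it as `java TrustMatrixCheck /home/f4e/src`; any line it prints before the summary names the store that still needs a `keytool -import` or `keytool -genkeypair`.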