Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] configuring JMX interface to use SSL

On Wed, Feb 08, 2017 at 05:38:21PM +0100, Simone Bordet wrote:
> Hi,
> 
> On Wed, Feb 8, 2017 at 5:12 PM, Brian Reichert <reichert@xxxxxxxxxxx> wrote:
> > That I'm willing to do, but I was hoping for, at least, some
> > confirmation that my expectations are correct.
> >
> > - should this, out of the box, spin up a SSL-protected JXM interface?
> >
> >         java -jar start.jar --module=jmx,jmx-remote,ssl
> 
> No. the "ssl" module is for connectors, not for jmx. The fact that JMX
> may open a server socket is not influenced by the ssl module.

True, 'ssl' does what you say; I kicked it into play to otherwise
demonstrate that my jetty-based server does have the trustStore/keyStore
properly configured, implying that they would be utilized by the
SSL-enabled JMX interface.

According to Oracle:

https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html

  SSL is enabled by default when you enable remote monitoring and
  management.  To use SSL, you need to set up a digital certificate
  on the system where the JMX agent (the MBean server) is running
  and then configure SSL properly.

My expectation was that my successful SSL test would satisfy the
above requirements.

Was I incorrect in that matter?

> 
> > - should I be able to disable authentication by setting
> >
> >         -Dcom.sun.management.jmxremote. authenticate=false?
> 
> I'd say yes.
> 
> -- 
> Simone Bordet
> ----
> http://cometd.org
> http://webtide.com
> Developer advice, training, services and support
> from the Jetty & CometD experts.
> _______________________________________________
> jetty-users mailing list
> jetty-users@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from this list, visit
> https://dev.eclipse.org/mailman/listinfo/jetty-users

-- 
Brian Reichert				<reichert@xxxxxxxxxxx>
BSD admin/developer at large	


Back to the top