[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [jetty-users] configuring JMX interface to use SSL
|
Hi,
On Wed, Feb 8, 2017 at 6:02 PM, Brian Reichert <reichert@xxxxxxxxxxx> wrote:
> According to Oracle:
>
> https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html
>
> SSL is enabled by default when you enable remote monitoring and
> management. To use SSL, you need to set up a digital certificate
> on the system where the JMX agent (the MBean server) is running
> and then configure SSL properly.
>
> My expectation was that my successful SSL test would satisfy the
> above requirements.
>
> Was I incorrect in that matter?
Your SSL test had nothing to do with JMX.
The JVM uses system properties to enable internally what Jetty enables
with the jmx-remote module (namely, an RMIRegistry and a
JMXConnectorServer).
The 2 systems should be equivalent; if Jetty's does not have the
capabilities of the JVM's, then we should improve it.
If you want to have JMX over SSL, just enable the jmx module in Jetty.
This will expose the Jetty components as MBeans.
Then you enable all the relevant system properties reported by the
link above to enable remote monitoring via SSL.
The reason of the existence of the jmx-remote module is that the
default support by the JVM opens a random port for the
JMXConnectorServer, which is not friendly for firewalls.
--
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.
