Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] configuring JMX interface to use SSL 
On Thu, Feb 09, 2017 at 02:11:23PM -0700, Joakim Erdfelt wrote:
> Here you go.
> 
> Using Jetty 9.4.1 demo-base ...

Thanks for such an explicit test case. :)

Following along, with jetty-distribution-9.3.8.v20160314.

- created SSL keystore, successfully, just as you did.

- created modules/jmx-ssl.mod.  One change; for some reason, this
  version of jetty did not honor the use of '${jetty.base}' in the module:

    java -jar ../start.jar --module=jmx-ssl

    ...
    Caused by: java.io.FileNotFoundException: ${jetty.base}/jmxkeystore.jks
    (No such file or directory)
        at java.io.FileInputStream.open0(Native Method)
        at java.io.FileInputStream.open(FileInputStream.java:195)
        at java.io.FileInputStream.<init>(FileInputStream.java:138)
        at java.io.FileInputStream.<init>(FileInputStream.java:93)
        at sun.security.ssl.SSLContextImpl$DefaultSSLContext$2.run(SSLContextImpl.java:827)
        at sun.security.ssl.SSLContextImpl$DefaultSSLContext$2.run(SSLContextImpl.java:824)

  The configuration otherwise seems set:

    java -jar ../start.jar --list-config | grep jetty.base
     jetty.base = /usr/jetty-distribution-9.3.8.v20160314/demo-base
     ${jetty.base} -> /usr/jetty-distribution-9.3.8.v20160314/demo-base
     8:      1.4.1.v201005082020 |
    ${jetty.base}/lib/ext/javax.mail.glassfish-1.4.1.v201005082020.jar
     9:          9.3.8.v20160314 |
    ${jetty.base}/lib/ext/test-mock-resources-9.3.8.v20160314.jar
    10:                    (dir) | ${jetty.base}/resources
     ${jetty.base}/etc/demo-rewrite-rules.xml

  I worked past this by supplying an absolute pathname in the module, e.g.:

    -Djavax.net.ssl.keyStore=/usr/jetty-distribution-9.3.8.v20160314/demo-base/jmxkeystore.jks

Now, I do get port 1616 opened up, and there is an SSL interface
there, and this port is exposed on the external NIC, all of which
is desirable.

But, when I connect remotely using jconsole, I get this error:

  non-JRMP server at remote endpoint

I also explored using a command-line JMX console tool to connect locally:

  http://wiki.cyclopsgroup.org/jmxterm/

but it got the same error.

I've tried setting the port to 1099, in case something had a baked-in
default, to no avail.

Googling that error doesn't give me any pointers that seem applicable
to my situation. :/

I'll keep digging, but I did want to report back.

> 
> - Joakim
> 
> 
> Joakim Erdfelt / joakim@xxxxxxxxxxx

-- 
Brian Reichert				<reichert@xxxxxxxxxxx>
BSD admin/developer at large

Back to the top