Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] configuring JMX interface to use SSL

On Wed, Feb 15, 2017 at 10:01:56AM -0500, Brian Reichert wrote:
> On Tue, Feb 14, 2017 at 04:11:34PM -0700, Joakim Erdfelt wrote:
> > You'll need to use jconsole with the same keystore/truststore you used for
> > the jmx server side.
> > Or you'll need to use an ssl certificate that's from a trusted CA already
> > found in the default JVM keystore.
> 
> I am supplying those properties when I used the locally-run jmxconcole.
> 
> I'll specifically copy over the jmxkeystore.jks to where I'm firing
> up jconsole, to try as you suggest.

And that indeed works!  Thanks for patiently walking me through
this; I do recall accomplishing this using jetty 6 a few years ago,
but have apparently not retained enough knowledge.

(I had higher hopes for that jmxconsole utility, but it's my fault
for testing with a nonstandard tool.)

I wanted to expand on this, and explore the jmx-remote module. In your
jmx-ssl.mod, I:

- added jmx-remote to the 'depend' section
- commented out the com.sun.management.jmxremote.port

When I spun the demo app back up, the JMX interface was no longer
protected with SSL.

Is that expected?


-- 
Brian Reichert				<reichert@xxxxxxxxxxx>
BSD admin/developer at large	


Back to the top