|Re: [jetty-users] configuring JMX interface to use SSL|
Hi, On Wed, Feb 8, 2017 at 6:02 PM, Brian Reichert <reichert@xxxxxxxxxxx> wrote: > According to Oracle: > > https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html > > SSL is enabled by default when you enable remote monitoring and > management. To use SSL, you need to set up a digital certificate > on the system where the JMX agent (the MBean server) is running > and then configure SSL properly. > > My expectation was that my successful SSL test would satisfy the > above requirements. > > Was I incorrect in that matter? Your SSL test had nothing to do with JMX. The JVM uses system properties to enable internally what Jetty enables with the jmx-remote module (namely, an RMIRegistry and a JMXConnectorServer). The 2 systems should be equivalent; if Jetty's does not have the capabilities of the JVM's, then we should improve it. If you want to have JMX over SSL, just enable the jmx module in Jetty. This will expose the Jetty components as MBeans. Then you enable all the relevant system properties reported by the link above to enable remote monitoring via SSL. The reason of the existence of the jmx-remote module is that the default support by the JVM opens a random port for the JMXConnectorServer, which is not friendly for firewalls. -- Simone Bordet ---- http://cometd.org http://webtide.com Developer advice, training, services and support from the Jetty & CometD experts.
Back to the top