Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] configuring JMX interface to use SSL

On Wed, Feb 08, 2017 at 06:43:32PM +0100, Simone Bordet wrote:
> If you want to have JMX over SSL, just enable the jmx module in Jetty.
> This will expose the Jetty components as MBeans.
> 
> Then you enable all the relevant system properties reported by the
> link above to enable remote monitoring via SSL.

Ok, I've tried these invocations, and none of them yield an SSL
certificate when I connect to port 1099, when I use the 'demo-base'
app:

   # pwd
  /usr/jetty-distribution-9.3.8.v20160314/demo-base

  java -jar ../start.jar --module=jmx,jmx-remote

  # This should be the operational default, but just to make sure...
  java -Dcom.sun.management.jmxremote.ssl=true \
       -jar ../start.jar --module=jmx,jmx-remote

  # RMI Registry Authentication is 'false' by default
  java -Dcom.sun.management.jmxremote.ssl=true \
       -Dcom.sun.management.jmxremote.registry.ssl=true \
       -jar ../start.jar --module=jmx,jmx-remote

Should any of these have worked?  Or am I misunderstanding what
you're saying?

> The reason of the existence of the jmx-remote module is that the
> default support by the JVM opens a random port for the
> JMXConnectorServer, which is not friendly for firewalls.

Pretty neat. :)

> -- 
> Simone Bordet
> ----
> http://cometd.org
> http://webtide.com
> Developer advice, training, services and support
> from the Jetty & CometD experts.
> _______________________________________________
> jetty-users mailing list
> jetty-users@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from this list, visit
> https://dev.eclipse.org/mailman/listinfo/jetty-users

-- 
Brian Reichert				<reichert@xxxxxxxxxxx>
BSD admin/developer at large	


Back to the top