[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [jetty-users] configuring JMX interface to use SSL
|
On Wed, Feb 15, 2017 at 10:01:56AM -0500, Brian Reichert wrote:
> On Tue, Feb 14, 2017 at 04:11:34PM -0700, Joakim Erdfelt wrote:
> > You'll need to use jconsole with the same keystore/truststore you used for
> > the jmx server side.
> > Or you'll need to use an ssl certificate that's from a trusted CA already
> > found in the default JVM keystore.
>
> I am supplying those properties when I used the locally-run jmxconcole.
>
> I'll specifically copy over the jmxkeystore.jks to where I'm firing
> up jconsole, to try as you suggest.
And that indeed works! Thanks for patiently walking me through
this; I do recall accomplishing this using jetty 6 a few years ago,
but have apparently not retained enough knowledge.
(I had higher hopes for that jmxconsole utility, but it's my fault
for testing with a nonstandard tool.)
I wanted to expand on this, and explore the jmx-remote module. In your
jmx-ssl.mod, I:
- added jmx-remote to the 'depend' section
- commented out the com.sun.management.jmxremote.port
When I spun the demo app back up, the JMX interface was no longer
protected with SSL.
Is that expected?
--
Brian Reichert <reichert@xxxxxxxxxxx>
BSD admin/developer at large