JMX RMI Connection in SSL Mode
I am using tomcats JMX Server.
I have enabled it to run in SSL mode by setting
-Dcom.sun.management.jmxremote.port=9000 \
-Dcom.sun.management.jmxremote.authenticate=false \
-Dcom.sun.management.jmxremote.ssl=true \
-Dcom.sun.management.jmxremote.ssl.need.client.auth=true \
in tomcat's start-up script
When i try to connect to Tomcats JMX Server using jConsole by providing JMXService url(service:jmx:rmi://localhost/jndi/rmi://10.19.128.40:9000/jmxrmi) i get connection failed.
[530 byte] By [
JMXa] at [2007-10-3 2:50:04]
[nobr]
Hi,
When using SSL with mutual authentication you also need to provide a keystore
and a truststore both on the client side and on the server side.
1) Did you configure tomcat's truststore with your client certificate?
2) Did you start jconsole with a truststore and a keystore?
FYI the command line for jconsole should be something like:
jconsole -J-Djavax.net.ssl.keyStore=keystore -J-Djavax.net.ssl.keyStorePassword=keystore-password -J-Djavax.net.ssl.trustStore=truststore -J-Djavax.net.ssl.trustStorePassword=truststore-password
You will find more info on using SSL at:
http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#HowSSLWorks
If you still have problems connecting with jconsole you may also want to read
this:
http://blogs.sun.com/roller/page/jmxetc?entry=troubleshooting_connection_problems_in_jconsole
Hope this helps,
-- daniel
Note: in JDK 6, b96, there is now an advanced JMX example that shows how to connect to a secure agent using jconsole. See:
http://blogs.sun.com/roller/page/jmxetc?entry=an_advanced_jmx_example_for
Message was edited by:
dfuchs[/nobr]
