[ https://issues.apache.org/jira/browse/GERONIMO-3876?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12612640#action_12612640 ]

Jarek Gawor commented on GERONIMO-3876:
---------------------------------------

I just committed a few changes to the deployer and the gshell connect command 
to enable them to communicate over a secure channel with the JMX server (revision 
675713). 

These changes introduce a new option (--secure) which will configure things to 
use an SSLSocketFactory and the JMX Secure Connector. Since the default 
SSLSocketFactory is used, the user must configure the environment correctly to 
use the Geronimo keystore and truststore. For example, I did the following:

{code}
export GERONIMO_HOME=~/target/geronimo-jetty6-javaee5-2.2-SNAPSHOT
export JAVA_OPTS="-Djavax.net.ssl.keyStore=$GERONIMO_HOME/var/security/keystores/geronimo-default -Djavax.net.ssl.keyStorePassword=secret -Djavax.net.ssl.trustStore=$GERONIMO_HOME/var/security/keystores/geronimo-default -Djavax.net.ssl.trustStorePassword=secret"
$GERONIMO_HOME/bin/deploy.sh -u system -p manager --secure list-modules --stopped
{code}

Of course, the jmx-security plugin must be started on the server.

There is one change to an interface but that interface is only used by the 
client tools and therefore it should not affect the user or any applications. 
If there are no objections I will port these changes to branches/2.1.


> Allow configuring JMX over SSL
> ------------------------------
>
>                 Key: GERONIMO-3876
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3876
>             Project: Geronimo
>          Issue Type: New Feature
>      Security Level: public(Regular issues) 
>          Components: management, security
>    Affects Versions: 2.1, 2.1.1, 2.2
>            Reporter: Vamsavardhana Reddy
>            Assignee: Jarek Gawor
>             Fix For: 2.2
>
>         Attachments: GERONIMO-3876-B.patch, GERONIMO-3876.21.patch, 
> GERONIMO-3876.patch
>
>
> Currently JMX connections to Geronimo are non-SSL and Geronimo does not 
> provide configuring SSL for JMX connections.  It may be useful to provide 
> configuration for JMX connections over SSL.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
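
Added example, not part of the comment above or of the Geronimo code base: a pre-flight shell function that assembles the `javax.net.ssl.*` options from the comment only after checking the keystore/truststore file. The function name `geronimo_ssl_java_opts` and its rejection rules (group- or world-writable file, whitespace in the path or password) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the Geronimo project). Builds the JAVA_OPTS string
# shown in the comment, but only after checking the keystore/truststore file.
# geronimo_ssl_java_opts is a hypothetical helper name.
geronimo_ssl_java_opts() {
    home=$1
    pass=$2
    if [ -z "$home" ] || [ -z "$pass" ]; then
        echo "usage: geronimo_ssl_java_opts GERONIMO_HOME STORE_PASSWORD" >&2
        return 2
    fi
    # Path taken from the comment: one file serves as keystore and truststore.
    store="$home/var/security/keystores/geronimo-default"
    if [ ! -f "$store" ] || [ ! -r "$store" ]; then
        echo "keystore missing or unreadable: $store" >&2
        return 1
    fi
    # JAVA_OPTS is one space-separated string, so whitespace inside a value
    # would split the -D option apart (assumed policy: reject it).
    case "$store$pass" in
        *[[:space:]]*) echo "whitespace in path or password" >&2; return 1 ;;
    esac
    # The truststore decides which server certificates the client accepts.
    # If other local users can write to it, they can add a certificate of
    # their own, so refuse group- or world-writable files (assumed policy).
    loose=$(find "$store" -prune \( -perm -0020 -o -perm -0002 \) -print)
    if [ -n "$loose" ]; then
        echo "keystore is group/world writable: $store" >&2
        return 1
    fi
    printf '%s %s %s %s\n' \
        "-Djavax.net.ssl.keyStore=$store" \
        "-Djavax.net.ssl.keyStorePassword=$pass" \
        "-Djavax.net.ssl.trustStore=$store" \
        "-Djavax.net.ssl.trustStorePassword=$pass"
}
# Usage: JAVA_OPTS=$(geronimo_ssl_java_opts "$GERONIMO_HOME" "$STORE_PASS") \
#            && export JAVA_OPTS   # then run deploy.sh with --secure
```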
