You'll need to use jconsole with the same keystore/truststore you used for the jmx server side. Or you'll need to use an ssl certificate that's from a trusted CA already found in the default JVM keystore.
Note: the prior example is all using Java 8 update 112 btw. $ vim jconsole-ssl.sh --(snip)-- #!/bin/bash jconsole \ -J-Djavax.net.ssl.keyStore=jmxkeystore.jks \ -J-Djavax.net.ssl.keyStorePassword=changeme \ -J-Djavax.net.ssl.trustStore=jmxkeystore.jks \ -J-Djavax.net.ssl.trustStorePassword=changeme \ localhost:1616 --(/snip)-- Joakim Erdfelt / [email protected] On Tue, Feb 14, 2017 at 3:30 PM, Brian Reichert <[email protected]> wrote: > On Thu, Feb 09, 2017 at 02:11:23PM -0700, Joakim Erdfelt wrote: > > Here you go. > > > > Using Jetty 9.4.1 demo-base ... > > Thanks for such an explicit test case. :) > > Following along, with jetty-distribution-9.3.8.v20160314. > > - created SSL keystore, successfully, just as you did. > > - created modules/jmx-ssl.mod. One change; for some reason, this > version of jetty did not honor the use of '${jetty.base}' in the module: > > java -jar ../start.jar --module=jmx-ssl > > ... > Caused by: java.io.FileNotFoundException: ${jetty.base}/jmxkeystore.jks > (No such file or directory) > at java.io.FileInputStream.open0(Native Method) > at java.io.FileInputStream.open(FileInputStream.java:195) > at java.io.FileInputStream.<init>(FileInputStream.java:138) > at java.io.FileInputStream.<init>(FileInputStream.java:93) > at sun.security.ssl.SSLContextImpl$DefaultSSLContext$2.run( > SSLContextImpl.java:827) > at sun.security.ssl.SSLContextImpl$DefaultSSLContext$2.run( > SSLContextImpl.java:824) > > The configuration otherwise seems set: > > java -jar ../start.jar --list-config | grep jetty.base > jetty.base = /usr/jetty-distribution-9.3.8.v20160314/demo-base > ${jetty.base} -> /usr/jetty-distribution-9.3.8.v20160314/demo-base > 8: 1.4.1.v201005082020 | > ${jetty.base}/lib/ext/javax.mail.glassfish-1.4.1.v201005082020.jar > 9: 9.3.8.v20160314 | > ${jetty.base}/lib/ext/test-mock-resources-9.3.8.v20160314.jar > 10: (dir) | ${jetty.base}/resources > ${jetty.base}/etc/demo-rewrite-rules.xml > > I worked past this by supplying an absolute pathname in the module, e.g.: > > -Djavax.net.ssl.keyStore=/usr/jetty-distribution-9.3.8. > v20160314/demo-base/jmxkeystore.jks > > Now, I do get port 1616 opened up, and there is an SSL interface > there, and this port is exposed on the external NIC, all of which > is desirable. > > But, when I connect remotely using jconsole, I get this error: > > non-JRMP server at remote endpoint > > I also explored using a command-line JMX console tool to connect locally: > > http://wiki.cyclopsgroup.org/jmxterm/ > > but it got the same error. > > I've tried setting the port to 1099, in case something had a baked-in > default, to no avail. > > Googling that error doesn't give me any pointers that seem applicable > to my situation. :/ > > I'll keep digging, but I did want to report back. > > > > > - Joakim > > > > > > Joakim Erdfelt / [email protected] > > -- > Brian Reichert <[email protected]> > BSD admin/developer at large > _______________________________________________ > jetty-users mailing list > [email protected] > To change your delivery options, retrieve your password, or unsubscribe > from this list, visit > https://dev.eclipse.org/mailman/listinfo/jetty-users >
_______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users
