On Wed, Feb 15, 2017 at 10:01:56AM -0500, Brian Reichert wrote: > On Tue, Feb 14, 2017 at 04:11:34PM -0700, Joakim Erdfelt wrote: > > You'll need to use jconsole with the same keystore/truststore you used for > > the jmx server side. > > Or you'll need to use an ssl certificate that's from a trusted CA already > > found in the default JVM keystore. > > I am supplying those properties when I used the locally-run jmxconcole. > > I'll specifically copy over the jmxkeystore.jks to where I'm firing > up jconsole, to try as you suggest.
And that indeed works! Thanks for patiently walking me through this; I do recall accomplishing this using jetty 6 a few years ago, but have apparently not retained enough knowledge. (I had higher hopes for that jmxconsole utility, but it's my fault for testing with a nonstandard tool.) I wanted to expand on this, and explore the jmx-remote module. In your jmx-ssl.mod, I: - added jmx-remote to the 'depend' section - commented out the com.sun.management.jmxremote.port When I spun the demo app back up, the JMX interface was no longer protected with SSL. Is that expected? -- Brian Reichert <[email protected]> BSD admin/developer at large _______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users
