Re: [jetty-users] configuring JMX interface to use SSL

Hi, On Tue, Feb 7, 2017 at 4:34 PM, Brian Reichert wrote: > Has anyone configured the JMX interface to employ SSL in jetty 9? We have reworked the JMX support in https://github.com/eclipse/jetty.project/issues/1517. It now supports also TLS out of the box. The

Re: [jetty-users] configuring JMX interface to use SSL

On Wed, Feb 15, 2017 at 10:35:27AM -0500, Brian Reichert wrote: > (I had higher hopes for that jmxconsole utility, but it's my fault > for testing with a nonstandard tool.) And I meant 'jmxterm', and I just found their developer page that calls out that SSL is on the roadmap, and hence not in

Re: [jetty-users] configuring JMX interface to use SSL

On Wed, Feb 15, 2017 at 10:01:56AM -0500, Brian Reichert wrote: > On Tue, Feb 14, 2017 at 04:11:34PM -0700, Joakim Erdfelt wrote: > > You'll need to use jconsole with the same keystore/truststore you used for > > the jmx server side. > > Or you'll need to use an ssl certificate that's from a

Re: [jetty-users] configuring JMX interface to use SSL

On Tue, Feb 14, 2017 at 04:11:34PM -0700, Joakim Erdfelt wrote: > You'll need to use jconsole with the same keystore/truststore you used for > the jmx server side. > Or you'll need to use an ssl certificate that's from a trusted CA already > found in the default JVM keystore. I am supplying those

Re: [jetty-users] configuring JMX interface to use SSL

You'll need to use jconsole with the same keystore/truststore you used for the jmx server side. Or you'll need to use an ssl certificate that's from a trusted CA already found in the default JVM keystore. Note: the prior example is all using Java 8 update 112 btw. $ vim jconsole-ssl.sh

Re: [jetty-users] configuring JMX interface to use SSL

On Thu, Feb 09, 2017 at 02:11:23PM -0700, Joakim Erdfelt wrote: > Here you go. > > Using Jetty 9.4.1 demo-base ... Thanks for such an explicit test case. :) Following along, with jetty-distribution-9.3.8.v20160314. - created SSL keystore, successfully, just as you did. - created

Re: [jetty-users] configuring JMX interface to use SSL

Here you go. Using Jetty 9.4.1 demo-base ... $ cd /path/to/jetty-distribution-9.4.1.v20170120/demo-base $ keytool -genkeypair -keyalg RSA -keystore jmxkeystore.jks -dname cn=test,ou=localhost,dc=example,dc=com (I created the keystore with password 'changeme') $ mkdir modules $ vim

Re: [jetty-users] configuring JMX interface to use SSL

Hi, On Thu, Feb 9, 2017 at 9:17 PM, Brian Reichert wrote: > On Thu, Feb 09, 2017 at 09:23:16PM +0100, Simone Bordet wrote: >> Keep only the jmx module, remove the jmx-remote module. > > BTW, I do appreciate your guidance here. > > I've tried this: > > java -jar

Re: [jetty-users] configuring JMX interface to use SSL

On Thu, Feb 09, 2017 at 09:23:16PM +0100, Simone Bordet wrote: > Keep only the jmx module, remove the jmx-remote module. BTW, I do appreciate your guidance here. I've tried this: java -jar ../start.jar --module=jmx That only opened up the two configured HTTP[S] ports: # lsof -P -n -p

Re: [jetty-users] configuring JMX interface to use SSL

Hi, On Thu, Feb 9, 2017 at 8:57 PM, Brian Reichert wrote: > On Wed, Feb 08, 2017 at 06:43:32PM +0100, Simone Bordet wrote: >> If you want to have JMX over SSL, just enable the jmx module in Jetty. >> This will expose the Jetty components as MBeans. >> >> Then you enable all

Re: [jetty-users] configuring JMX interface to use SSL

On Wed, Feb 08, 2017 at 06:43:32PM +0100, Simone Bordet wrote: > If you want to have JMX over SSL, just enable the jmx module in Jetty. > This will expose the Jetty components as MBeans. > > Then you enable all the relevant system properties reported by the > link above to enable remote

Re: [jetty-users] configuring JMX interface to use SSL

Hi, On Wed, Feb 8, 2017 at 6:02 PM, Brian Reichert wrote: > According to Oracle: > > https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html > > SSL is enabled by default when you enable remote monitoring and > management. To use SSL, you need to

Re: [jetty-users] configuring JMX interface to use SSL

On Wed, Feb 08, 2017 at 05:38:21PM +0100, Simone Bordet wrote: > Hi, > > On Wed, Feb 8, 2017 at 5:12 PM, Brian Reichert wrote: > > That I'm willing to do, but I was hoping for, at least, some > > confirmation that my expectations are correct. > > > > - should this, out of

Re: [jetty-users] configuring JMX interface to use SSL

Hi, On Wed, Feb 8, 2017 at 5:12 PM, Brian Reichert wrote: > That I'm willing to do, but I was hoping for, at least, some > confirmation that my expectations are correct. > > - should this, out of the box, spin up a SSL-protected JXM interface? > > java -jar

Re: [jetty-users] configuring JMX interface to use SSL

On Wed, Feb 08, 2017 at 11:44:33AM +0100, Simone Bordet wrote: > Hi, > > On Tue, Feb 7, 2017 at 7:06 PM, Brian Reichert wrote: > > But, jetty renames some of the properties, e.g.: > > File an issue. We should at least verify that this is doable, and if > so document it

Re: [jetty-users] configuring JMX interface to use SSL

Hi, On Tue, Feb 7, 2017 at 7:06 PM, Brian Reichert wrote: > But, jetty renames some of the properties, e.g.: File an issue. We should at least verify that this is doable, and if so document it properly. There is some machinery to put in place for RMI to use TLS which we

Re: [jetty-users] configuring JMX interface to use SSL

On Tue, Feb 07, 2017 at 09:10:37AM -0700, Joakim Erdfelt wrote: > Setting up the remote JMX port for SSL/TLS would be entirely within the > scope of the JVM options. > > Jetty is not involved in the JMX service, it merely exposes components to > the JMX layer. But, jetty renames some of the

Re: [jetty-users] configuring JMX interface to use SSL

Setting up the remote JMX port for SSL/TLS would be entirely within the scope of the JVM options. Jetty is not involved in the JMX service, it merely exposes components to the JMX layer. The rest is handled by the JVM. The instructions you have linked to are the only ones I'm aware of for

[jetty-users] configuring JMX interface to use SSL

Has anyone configured the JMX interface to employ SSL in jetty 9? The docs for JMX under jetty 9 don't call it out at all: http://www.eclipse.org/jetty/documentation/current/jmx-chapter.html#using-jmx And my efforts to set the related properties in my start.ini file don't seem to be honored: