Hi,
On Tue, Feb 7, 2017 at 4:34 PM, Brian Reichert wrote:
> Has anyone configured the JMX interface to employ SSL in jetty 9?
We have reworked the JMX support in
https://github.com/eclipse/jetty.project/issues/1517.
It now supports also TLS out of the box.
The
On Wed, Feb 15, 2017 at 10:35:27AM -0500, Brian Reichert wrote:
> (I had higher hopes for that jmxconsole utility, but it's my fault
> for testing with a nonstandard tool.)
And I meant 'jmxterm', and I just found their developer page that
calls out that SSL is on the roadmap, and hence not in
On Wed, Feb 15, 2017 at 10:01:56AM -0500, Brian Reichert wrote:
> On Tue, Feb 14, 2017 at 04:11:34PM -0700, Joakim Erdfelt wrote:
> > You'll need to use jconsole with the same keystore/truststore you used for
> > the jmx server side.
> > Or you'll need to use an ssl certificate that's from a
On Tue, Feb 14, 2017 at 04:11:34PM -0700, Joakim Erdfelt wrote:
> You'll need to use jconsole with the same keystore/truststore you used for
> the jmx server side.
> Or you'll need to use an ssl certificate that's from a trusted CA already
> found in the default JVM keystore.
I am supplying those
You'll need to use jconsole with the same keystore/truststore you used for
the jmx server side.
Or you'll need to use an ssl certificate that's from a trusted CA already
found in the default JVM keystore.
Note: the prior example is all using Java 8 update 112 btw.
$ vim jconsole-ssl.sh
On Thu, Feb 09, 2017 at 02:11:23PM -0700, Joakim Erdfelt wrote:
> Here you go.
>
> Using Jetty 9.4.1 demo-base ...
Thanks for such an explicit test case. :)
Following along, with jetty-distribution-9.3.8.v20160314.
- created SSL keystore, successfully, just as you did.
- created
Here you go.
Using Jetty 9.4.1 demo-base ...
$ cd /path/to/jetty-distribution-9.4.1.v20170120/demo-base
$ keytool -genkeypair -keyalg RSA -keystore jmxkeystore.jks -dname
cn=test,ou=localhost,dc=example,dc=com
(I created the keystore with password 'changeme')
$ mkdir modules
$ vim
Hi,
On Thu, Feb 9, 2017 at 9:17 PM, Brian Reichert wrote:
> On Thu, Feb 09, 2017 at 09:23:16PM +0100, Simone Bordet wrote:
>> Keep only the jmx module, remove the jmx-remote module.
>
> BTW, I do appreciate your guidance here.
>
> I've tried this:
>
> java -jar
On Thu, Feb 09, 2017 at 09:23:16PM +0100, Simone Bordet wrote:
> Keep only the jmx module, remove the jmx-remote module.
BTW, I do appreciate your guidance here.
I've tried this:
java -jar ../start.jar --module=jmx
That only opened up the two configured HTTP[S] ports:
# lsof -P -n -p
Hi,
On Thu, Feb 9, 2017 at 8:57 PM, Brian Reichert wrote:
> On Wed, Feb 08, 2017 at 06:43:32PM +0100, Simone Bordet wrote:
>> If you want to have JMX over SSL, just enable the jmx module in Jetty.
>> This will expose the Jetty components as MBeans.
>>
>> Then you enable all
On Wed, Feb 08, 2017 at 06:43:32PM +0100, Simone Bordet wrote:
> If you want to have JMX over SSL, just enable the jmx module in Jetty.
> This will expose the Jetty components as MBeans.
>
> Then you enable all the relevant system properties reported by the
> link above to enable remote
Hi,
On Wed, Feb 8, 2017 at 6:02 PM, Brian Reichert wrote:
> According to Oracle:
>
> https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html
>
> SSL is enabled by default when you enable remote monitoring and
> management. To use SSL, you need to
On Wed, Feb 08, 2017 at 05:38:21PM +0100, Simone Bordet wrote:
> Hi,
>
> On Wed, Feb 8, 2017 at 5:12 PM, Brian Reichert wrote:
> > That I'm willing to do, but I was hoping for, at least, some
> > confirmation that my expectations are correct.
> >
> > - should this, out of
Hi,
On Wed, Feb 8, 2017 at 5:12 PM, Brian Reichert wrote:
> That I'm willing to do, but I was hoping for, at least, some
> confirmation that my expectations are correct.
>
> - should this, out of the box, spin up a SSL-protected JXM interface?
>
> java -jar
On Wed, Feb 08, 2017 at 11:44:33AM +0100, Simone Bordet wrote:
> Hi,
>
> On Tue, Feb 7, 2017 at 7:06 PM, Brian Reichert wrote:
> > But, jetty renames some of the properties, e.g.:
>
> File an issue. We should at least verify that this is doable, and if
> so document it
Hi,
On Tue, Feb 7, 2017 at 7:06 PM, Brian Reichert wrote:
> But, jetty renames some of the properties, e.g.:
File an issue. We should at least verify that this is doable, and if
so document it properly.
There is some machinery to put in place for RMI to use TLS which we
On Tue, Feb 07, 2017 at 09:10:37AM -0700, Joakim Erdfelt wrote:
> Setting up the remote JMX port for SSL/TLS would be entirely within the
> scope of the JVM options.
>
> Jetty is not involved in the JMX service, it merely exposes components to
> the JMX layer.
But, jetty renames some of the
Setting up the remote JMX port for SSL/TLS would be entirely within the
scope of the JVM options.
Jetty is not involved in the JMX service, it merely exposes components to
the JMX layer.
The rest is handled by the JVM.
The instructions you have linked to are the only ones I'm aware of for
Has anyone configured the JMX interface to employ SSL in jetty 9?
The docs for JMX under jetty 9 don't call it out at all:
http://www.eclipse.org/jetty/documentation/current/jmx-chapter.html#using-jmx
And my efforts to set the related properties in my start.ini file
don't seem to be honored:
19 matches
Mail list logo