I am still working on this and will be focusing on the newest release of 6.1.0.
I will let you know if I experience any issues. Jason Jackson Senior Manager Main Office: 703-639-0709 Direct: 202-888-3973 Cellular: 863-370-5324 Fax: 571-431-7618 http://www.itechag.com/ -----Original Message----- From: Matt Pavlovich <[email protected]> Sent: Tuesday, February 27, 2024 10:11 PM To: [email protected] Subject: Re: ActiveMQ 6.0.1 Upgrade from 5.18..3 and JMX Settings CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Hi Jason- Were you able to get this resolved? Be sure to use a recent JDK 17 release with ActiveMQ 6.0.x. A quick scan over those params looks correct and still valid in the JDK: https://github.com/openjdk/jdk/blob/4dd6c44cbdb0b5957414fa87b6c559fa4d6f2fa8/test/jdk/sun/management/jmxremote/startstop/JMXStartStopTest.java#L699 Thanks, Matt Pavlovich > On Jan 31, 2024, at 10:34 AM, Jason Jackson > <[email protected]> wrote: > > I am working on upgrading ActiveMQ from 5.18.3 to 6.0.1. > > For all previous 5.x version I have set the following JMX settings and there > have been no issues. > > -Dcom.sun.management.jmxremote=true > -Dcom.sun.management.jmxremote.port=1234 > -Dcom.sun.management.jmxremote.rmi.port=4321 > -Dcom.sun.management.jmxremote.ssl=true > -Dcom.sun.management.jmxremote.ssl.need.client.auth=false > -Dcom.sun.management.jmxremote.ssl.enabled.protocols="TLS_Versions" > -Dcom.sun.management.jmxremote.ssl.enabled.cipher.suites="Ciphers" > -Djavax.net.ssl.keyStore=<PATH>/keystore > -Djavax.net.ssl.keyStorePassword=Password > -Djavax.net.ssl.trustStore=<PATH>/truststore > -Djavax.net.ssl.trustStorePassword=Password > -Dcom.sun.management.jmxremote.authenticate=true > -Dcom.sun.management.jmxremote.login.config=JMX > -Djava.security.auth.login.config=<PATH>/login.config > -Dcom.sun.management.jmxremote.access.file=<PATH>/jmxremote.access > > This enables JMX over SSL for ActiveMQ and there have been no issues > connecting. > > During my testing of ActiveMQ 6.0.1 I used the same settings but I noticed > that the SSL portion does not appear to function correctly. > > If I set the following: > > -Dcom.sun.management.jmxremote.ssl=false > > I am able to connect but the connection does not use encryption, as soon as I > set it to true it fails again. > > I left the option as true and attempted to use openssl to see what > certificates and ciphers were being published on the port and when openssl > attempted to connect it informed me that SSL was not enabled and/or no > certificates were available. > > Has anyone else experienced any issues using JMX over SSL with version 6.0.1?
