-1

I'm trying to connect to remote service running on Amazon EC2 via JMX. Ports are opened and it looks managing to establish connection but starts to pending and then fails with message like 'You are trying to connect over SSL when it is not configured properly, do you want to try without SSL?'

I found docs where key and trust stores are used to establish connection with JConsole but I have a private key only provided by Amazon EC2 services and the problem for me is that I don't understand how to use it with JConsole to establish connection.

Could someone pleas point me to right direction?

Viktor Stolbin
  • 2,899
  • 4
  • 32
  • 53
  • You have a private key supplied by somebody else? That doesn't begin to make sense. It can't be private if two entities know about it. – user207421 Oct 03 '13 at 17:39
  • @EJP Private key was generated by myself using Amazon EC2 security tools. We could discuss secondary obvious stuff here as long as you like but I'd like to get some help here, that's why i raised the question. – Viktor Stolbin Oct 03 '13 at 19:54
  • We can only have a proper discussion if you describe your situation accurately. You haven't succeeded so far. – user207421 Oct 03 '13 at 23:41
  • @EJP I don't think so. The fact question is not clear for you doesn't mean nobody can answer. But don't worry your vote is always taken into account. – Viktor Stolbin Oct 04 '13 at 06:31
  • When you start out by talking about SSH, which isn't present, and continue by talking about getting a private key from a third party, when you didn't, you cannot claim to be describing your situation accurately. – user207421 Oct 04 '13 at 08:26

2 Answers2

1

You will need to create a key store and import your private key enerated by EC2. Then you will need to create a trust store and import the EC2's certificate there. The difference between keystore and trustore is described here.

Once you have your keystore and truststore ready you can, for example, install the Security plugin to VisualVM and use the security configuration dialogue in the options to use the stores to communicate with secured servers. Or you can follow that guide you found for JConosole.

Community
  • 1
  • 1
JB-
  • 2,615
  • 18
  • 17
  • Thank you. I tried some workarounds to import rsa key into keystore and all failed because it can't recognize X.509 certificate even if it's converted properly (I think so) with openssl tool. I'm not sure I don't need corresponding to private key certificate to import with tool. Could you please help? – Viktor Stolbin Oct 05 '13 at 14:17
  • Hm, have you followed this guide - http://cunning.sharp.fm/2008/06/importing_private_keys_into_a.html ? – JB- Oct 07 '13 at 08:17
0

You are conflating SSH and SSL. They aren't the same thing. And there is no such thing as 'having private key only'. Every private key has a corresponding public key. Your question doesn't actually make sense.

user207421
  • 305,947
  • 44
  • 307
  • 483
  • Thanks for spotting 'vital point' saying that SSH and SSL are not same things and that private key always has corresponding public key. The question makes sense having more details added, please check above. – Viktor Stolbin Oct 03 '13 at 05:22
  • The public key can always be generated / calculated from the private key though. – Ákos Vandra-Meyer Feb 28 '17 at 15:39