Java JMX client with SSL

Question

I configured Apache Tomcat 8 using this tutorial https://tomcat.apache.org/tomcat-7.0-doc/monitoring.html and I generated SSL certificate.

JMXServiceURL url = new JMXServiceURL("service:jmx:rmi:///jndi/rmi://10.16.70.161:9999/jmxrmi");

            HashMap environment = new HashMap();
            String[] credentials = new String[]
            {
                "user", "passw"
            };
            environment.put(JMXConnector.CREDENTIALS, credentials);

            JMXConnector jmxc = JMXConnectorFactory.connect(url, environment);
            MBeanServerConnection server = jmxc.getMBeanServerConnection();

            Set<ObjectName> s2 = server.queryNames(new ObjectName("Catalina:type=Server,*"), null);
            for (ObjectName obj : s2)
            {
                ObjectName objname = new ObjectName(obj.getCanonicalName());
                System.out.println("serverInfo " + server.getAttribute(objname, "serverInfo"));
                System.out.println("address " + server.getAttribute(objname, "address"));
                System.out.println("stateName " + server.getAttribute(objname, "stateName"));
            }

How I need to extend this JMX client in order to use it with SSL certificate? I can't find any good example on Internet.

Val · Accepted Answer · 2015-12-28T05:18:20.053

7

You're almost there, your code is correct, you only need to start your JMX client with the following command-line after having added your SSL certificate to a trust store using the keytool command-line utility:

java -Djavax.net.ssl.trustStore=/your/path/to/truststore.jks \ 
  -Djavax.net.ssl.trustStorePassword=truststore_pwd \ 
  YourJMXClient

edited Dec 28 '15 at 05:18

answered Dec 27 '15 at 05:16

Val

207,596
13
358
360

Why do you add SslRMIServerSocketFactory and SslRMIClientSocketFactory? Is it mandatory? – Peter Penzov Dec 27 '15 at 09:33
Sorry about that, it's only necessary when you want to create a JMXServer. In this case, all you need to do is to configure your trust store and pass it to your client when you start. – Val Dec 28 '15 at 05:19
Can I somehow use Java code to set trustStore location and password without complete custom JMX client? I made a new post here http://stackoverflow.com/questions/34474023/replace-system-setproperty – Peter Penzov Dec 28 '15 at 06:29

Java JMX client with SSL

1 Answers1