Would like to monitor our JVM performance in the production network securely by enabling the SSL/TLS options available to JMX.
Having trouble even after I properly created valid keyStore/trustStore using an internal CA with a .csr for a .p7b.
However, while attempting to poll the CF JVM for JMX, I cannot get the secure negotiation to work properly.
Added these lines to /cfusion/bin/vm.config:
-Dcom.sun.management.jmxremote=true
-Dcom.sun.management.jmxremote.port=3333
-Dcom.sun.management.jmxremote.ssl=true
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl.need.client.auth=false
-Djavax.net.ssl.keyStore=jmxkey.keystore
-Djavax.net.ssl.keyStorePassword=password
Also want to enable these flags too for testing:
-Djavax.sun.management.jmxremote.ssl.enabled.protocols=TLSv1.2
-Djavax.sun.management.jmxremote.ssl.cipher.suites=TLS_RSA_WITH_AES_128_CBC_SHA
Everything in my jconsole settings is set up properly; what am I missing on the CF/JVM side?
Also, I would like to see some documentation on this setup; I haven't found anything through searching.
Closest example from IBM and Apache Tomcat.
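
An added example, not part of the original post and not ColdFusion or JDK code: a small Python check that audits a block of JVM arguments such as the one above against the property names documented for the JDK's built-in JMX agent and reports settings that weaken or silently disable the TLS setup. The function names, finding codes and `SAMPLE` (constructed from the flags quoted in the post) are assumptions made for illustration.

```python
import difflib, ntpath, posixpath, re

P = "com.sun.management.jmxremote"
# Property names documented for the JDK's built-in JMX agent.
KNOWN = sorted({P} | {P + s for s in (
    ".port", ".rmi.port", ".ssl", ".registry.ssl", ".ssl.need.client.auth",
    ".ssl.enabled.protocols", ".ssl.enabled.cipher.suites", ".ssl.config.file",
    ".authenticate", ".password.file", ".access.file", ".login.config",
    ".local.only")})

# Constructed sample: the flags quoted in the post above.
SAMPLE = """
-Dcom.sun.management.jmxremote=true
-Dcom.sun.management.jmxremote.port=3333
-Dcom.sun.management.jmxremote.ssl=true
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl.need.client.auth=false
-Djavax.net.ssl.keyStore=jmxkey.keystore
-Djavax.net.ssl.keyStorePassword=password
-Djavax.sun.management.jmxremote.ssl.enabled.protocols=TLSv1.2
-Djavax.sun.management.jmxremote.ssl.cipher.suites=TLS_RSA_WITH_AES_128_CBC_SHA
"""

def parse_flags(text):
    """Map each -Dname[=value] token to its value ('' when no value is given)."""
    return {m[1]: m[2] or "" for m in re.finditer(r"-D([^\s=]+)(?:=(\S*))?", text)}

def audit(text):
    """Return (code, detail) findings for a block of JVM arguments."""
    props, out = parse_flags(text), []
    for name in props:
        # The agent reads only the documented names; any other -D is set but never consulted.
        if "management.jmxremote" in name and name not in KNOWN:
            near = difflib.get_close_matches(name, KNOWN, n=1)
            out.append(("unknown-property", f"{name} -> {near[0] if near else '?'}"))
    if props.get(P + ".authenticate", "true").lower() == "false":
        out.append(("no-authentication", P + ".authenticate"))
    ks = props.get("javax.net.ssl.keyStore")
    # A relative keystore path is resolved against the JVM's working directory.
    if ks and not (posixpath.isabs(ks) or ntpath.isabs(ks)):
        out.append(("relative-keystore-path", ks))
    # Command-line arguments are visible to anyone who can list processes.
    if "javax.net.ssl.keyStorePassword" in props:
        out.append(("password-on-command-line", "javax.net.ssl.keyStorePassword"))
    return out

if __name__ == "__main__":
    for code, detail in audit(SAMPLE):
        print(f"{code:26} {detail}")
```

The keystore settings can instead be placed in a properties file named by `com.sun.management.jmxremote.ssl.config.file`, which keeps the password out of the process arguments.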