Highlighted

ColdFusion 11 JMX Monitoring with SSL/TLS

New Here ,
Oct 29, 2015

Copy link to clipboard

Copied

Would like to monitor our JVM performance in the production network securely by enabling the SSL/TLS options available to JMX.

Having trouble even after I properly created valid keyStore/trustStore using an internal CA with a .csr for a .p7b.

However while attempting to poll the CF JVM for JMX I cannot get the secure negotiation to work properly.

Added these lines to /cfusion/bin/vm.config:

-Dcom.sun.management.jmxremote=true

-Dcom.sun.management.jmxremote.port=3333

-Dcom.sun.management.jmxremote.ssl=true

-Dcom.sun.management.jmxremote.authenticate=false

-Dcom.sun.management.jmxremote.ssl.need.client.auth=false

-Djavax.net.ssl.keyStore=jmxkey.keystore

-Djavax.net.ssl.keyStorePassword=password

Also want to enable these flags too for testing:

-Djavax.sun.management.jmxremote.ssl.enabled.protocols=TLSv1.2

-Djavax.sun.management.jmxremote.ssl.cipher.suites=TLS_RSA_WITH_AES_128_CBC_SHA

Everything on my jconsole setting are set up properly, what am I missing for the CF/JVM side?

Also I would like to see some documentation on this setup, haven't found anything through searching.

Closest example from IBM and Apache Tomcat.

Views

559

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

ColdFusion 11 JMX Monitoring with SSL/TLS

New Here ,
Oct 29, 2015

Copy link to clipboard

Copied

Would like to monitor our JVM performance in the production network securely by enabling the SSL/TLS options available to JMX.

Having trouble even after I properly created valid keyStore/trustStore using an internal CA with a .csr for a .p7b.

However while attempting to poll the CF JVM for JMX I cannot get the secure negotiation to work properly.

Added these lines to /cfusion/bin/vm.config:

-Dcom.sun.management.jmxremote=true

-Dcom.sun.management.jmxremote.port=3333

-Dcom.sun.management.jmxremote.ssl=true

-Dcom.sun.management.jmxremote.authenticate=false

-Dcom.sun.management.jmxremote.ssl.need.client.auth=false

-Djavax.net.ssl.keyStore=jmxkey.keystore

-Djavax.net.ssl.keyStorePassword=password

Also want to enable these flags too for testing:

-Djavax.sun.management.jmxremote.ssl.enabled.protocols=TLSv1.2

-Djavax.sun.management.jmxremote.ssl.cipher.suites=TLS_RSA_WITH_AES_128_CBC_SHA

Everything on my jconsole setting are set up properly, what am I missing for the CF/JVM side?

Also I would like to see some documentation on this setup, haven't found anything through searching.

Closest example from IBM and Apache Tomcat.

Views

560

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Oct 29, 2015 0

Have something to add?

Join the conversation