Configuring JMX on the Server Side

Complete the following procedure to configure JMX on the server side when enabling secure client-to-node connections using SSL.

jvm-server.options

There are three files that control Java Virtual Machine (JVM) options:

  • jvm-server.options: options independent of any particular JVM

  • jvm8-server.options: options particular to JVM 8

  • jvm11-server.options: options particular to JVM 11

The location of the jvm [8 | 11] -server.options file depends on the type of installation:

Package installations

/etc/dse/cassandra/jvm [8 | 11] -server.options

Tarball installations

<installation_location>/resources/cassandra/conf/jvm [8 | 11] -server.options

Procedure

  1. If the $LOCAL_JMX setting is present, change it to no.

    "$LOCAL_JMX" = "no"

  2. Enable JMX authentication by setting -Dcom.sun.management.jmxremote.authenticate to true:

    JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.authenticate=true

  3. Locate the cassandra-env.sh file. The location of this file depends on the type of installation:

    • Package installations: /etc/dse/cassandra/cassandra-env.sh

    • Tarball installations: <installation_location>/resources/cassandra/conf/cassandra-env.sh

  4. Uncomment the following settings in the cassandra-env.sh file. You must specify the path to appropriate keystore and truststore, including passwords for each.

    You can also use the jvm-server.options file as described in Setting system properties during startup.

    		 
    JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl=true"
JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl.need.client.auth=true"
JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.registry.ssl=true"
JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.keyStore=<path_to_keystore.jks>"
JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.keyStorePassword=<keystore-password>"
JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.trustStore=<path_to_truststore.jks>"
JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.trustStorePassword=<truststore-password>"
    com.sun.management.jmxremote.ssl

    Set to true to enable SSL for JMX.

    com.sun.management.jmxremote.ssl.need.client.auth

    Set to true to enable two-way certificate authentication.

    com.sun.management.jmxremote.registry.ssl

    Set to true to create an RMI registry protected by SSL, and configure a management agent when the JVM starts.

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2025 DataStax, an IBM Company | Privacy policy | Terms of use | Manage Privacy Choices

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com