Configure JMX on the server side

Complete the following procedure to configure JMX on the server side when enabling secure client-to-node connections using SSL.

jvm-server.options

There are three files that control Java Virtual Machine (JVM) options:

  • jvm-server.options: options independent of any particular JVM

  • jvm8-server.options: options particular to JVM 8

  • jvm11-server.options: options particular to JVM 11

The location of the jvm [8 | 11] -server.options file depends on your installation type.

  • Package installations

  • Tarball installations

/etc/hcd/cassandra/jvm [8 \| 11] -server.options
INSTALLATION_LOCATION/resources/cassandra/conf/jvm [8 \| 11] -server.options

Procedure

  1. If the $LOCAL_JMX setting is present, change it to no.

    "$LOCAL_JMX" = "no"

  2. Enable JMX authentication by setting -Dcom.sun.management.jmxremote.authenticate to true:

    JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.authenticate=true

  3. Locate the cassandra-env.sh file. The location of this file depends on your installation type.

    • Package installations

    • Tarball installations

    /etc/hcd/cassandra/cassandra-env.sh
    INSTALLATION_LOCATION/resources/cassandra/conf/cassandra-env.sh

    Replace INSTALLATION_LOCATION with the path where you extracted the HCD tarball.

  4. Uncomment the following settings in the cassandra-env.sh file. You must specify the path to appropriate keystore and truststore, including passwords for each.

    You can also use the jvm-server.options file as described in Setting system properties during startup.

    		 
    JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl=true"
JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl.need.client.auth=true"
JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.registry.ssl=true"
JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.keyStore=<path_to_keystore.jks>"
JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.keyStorePassword=<keystore-password>"
JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.trustStore=<path_to_truststore.jks>"
JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.trustStorePassword=<truststore-password>"
    com.sun.management.jmxremote.ssl

    Set to true to enable SSL for JMX.

    com.sun.management.jmxremote.ssl.need.client.auth

    Set to true to enable two-way certificate authentication.

    com.sun.management.jmxremote.registry.ssl

    Set to true to create an RMI registry protected by SSL, and configure a management agent when the JVM starts.

Was this helpful?

Give Feedback

How can we improve the documentation?

© Copyright IBM Corporation 2025 | Privacy policy | Terms of use Manage Privacy Choices

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: Contact IBM