Set up SSL for JConsole (JMX)
Using JConsole with SSL requires the same JMX changes to cassandra-env.sh as nodetool.
The location of the cassandra-env.sh file depends on your installation type.
-
Package installations
-
Tarball installations
/etc/hcd/cassandra/cassandra-env.shINSTALLATION_LOCATION/resources/cassandra/conf/cassandra-env.shReplace INSTALLATION_LOCATION with the path where you extracted the HCD tarball.
See Configure SSL for nodetool, nodesync, dsetool, and Advanced Replication.
You do not need to create a nodetool-ssl.properties file, but the same JVM keystore and truststore options must be specified with jconsole on the command line.
Prerequisites
-
Create SSL certificates with a self-signed CA for production environments, or create SSL certificates for development environments.
Use JConsole with SSL
-
Copy the keystore and truststore files to the node where
JConsoleis to be run. In this example, the files areserver-keystore.jksandserver-truststore.jks. -
Run
jconsoleusing the JVM options:jconsole -J-Djavax.net.ssl.keyStore=<server-keystore.jks> -J-Djavax.net.ssl.keyStorePassword=<keystore-password> -J-Djavax.net.ssl.trustStore=<server-truststore.jks> -J-Djavax.net.ssl.trustStorePassword=<truststore-password>If no errors occur,
JConsolestarts. If connecting to a remote node, select Remote Process and enter the hostname andJMXport. If using authentication, enter the username and password. See Using JConsole for more information.
