Set up SSL for JConsole (JMX)
Using JConsole
with SSL requires the same JMX
changes to cassandra-env.sh
as nodetool
.
The location of the cassandra-env.sh
file depends on your installation type.
-
Package installations
-
Tarball installations
/etc/hcd/cassandra/cassandra-env.sh
INSTALLATION_LOCATION/resources/cassandra/conf/cassandra-env.sh
Replace INSTALLATION_LOCATION with the path where you extracted the HCD tarball.
See Configure SSL for nodetool, nodesync, dsetool, and Advanced Replication.
You do not need to create a nodetool-ssl.properties
file, but the same JVM
keystore and truststore options must be specified with jconsole
on the command line.
Prerequisites
-
Create SSL certificates with a self-signed CA for production environments, or create SSL certificates for development environments.
Use JConsole with SSL
-
Copy the keystore and truststore files to the node where
JConsole
is to be run. In this example, the files areserver-keystore.jks
andserver-truststore.jks
. -
Run
jconsole
using the JVM options:jconsole -J-Djavax.net.ssl.keyStore=<server-keystore.jks> -J-Djavax.net.ssl.keyStorePassword=<keystore-password> -J-Djavax.net.ssl.trustStore=<server-truststore.jks> -J-Djavax.net.ssl.trustStorePassword=<truststore-password>
If no errors occur,
JConsole
starts. If connecting to a remote node, select Remote Process and enter the hostname andJMX
port. If using authentication, enter the username and password. See Using JConsole for more information.