Setting up SSL for jconsole (JMX)

Using jconsole with SSL requires the same JMX changes to cassandra-env.sh as described in using nodetool (JMX) with SSL encryption. There is no need to create nodetool-ssl.properties, but the same JVM keystore and truststore options must be specified with jconsole on the command line.

Prerequisites

Prepare SSL certificates with a self-signed CA for production, or prepare SSL certificates for development. Additionally, configure client-to-node encryption.

Procedure

  1. Copy the keystore and truststore files created in the prerequisite to the node where jconsole will be run. In this example, the files are server-keystore.jks and server-truststore.jks.

  2. Run jconsole using the JVM options:

    jconsole -J-Djavax.net.ssl.keyStore=server-keystore.jks
-J-Djavax.net.ssl.keyStorePassword=myKeyPass
-J-Djavax.net.ssl.trustStore=server-truststore.jks
-J-Djavax.net.ssl.trustStorePassword=truststorePass

    If no errors occur, jconsole will start. If connecting to a remote node, enter the hostname and JMX port, in Remote Process. If using authentication, enter the username and password.

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2025 DataStax | Privacy policy | Terms of use | Manage Privacy Choices

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com