Setting up SSL for jconsole (JMX)

Using jconsole with SSL encryption.

Using jconsole with SSL requires the same JMX changes to cassandra-env.sh as described in using nodetool (JMX) with SSL encryption. There is no need to create nodetool-ssl.properties, but the same JVM keystore and truststore options must be specified with jconsole on the command line.

cassandra-env.sh

The location of the cassandra-env.sh file depends on the type of installation:

Package installations Installer-Services installations	/etc/dse/cassandra/cassandra-env.sh
Tarball installations Installer-No Services installations	`installation_location`/resources/cassandra/conf/cassandra-env.sh

Prerequisites

Prepare SSL certificates with a self-signed CA for production, or prepare SSL certificates for development. Additionally, configure client-to-node encryption.

Procedure

Copy the keystore and truststore files created in the prerequisite to the node where jconsole will be run. In this example, the files are server-keystore.jks and server-truststore.jks.
Run jconsole using the JVM options:
```
jconsole -J-Djavax.net.ssl.keyStore=server-keystore.jks 
-J-Djavax.net.ssl.keyStorePassword=myKeyPass 
-J-Djavax.net.ssl.trustStore=server-truststore.jks 
-J-Djavax.net.ssl.trustStorePassword=truststorePass
```
If no errors occur, jconsole will start. If connecting to a remote node, enter the hostname and JMX port, in Remote Process. If using authentication, enter the username and password.