Setting up SSL for jconsole (JMX)

Using jconsole with SSL encryption.

Using jconsole with SSL requires the same JMX changes to cassandra-env.sh as described in using nodetool (JMX) with SSL encryption. There is no need to create nodetool-ssl.properties, but the same JVM keystore and truststore options must be specified with jconsole on the command line.

cassandra-env.sh

The location of the cassandra-env.sh file depends on the type of installation:

Package installations
Installer-Services installations

 /etc/dse/cassandra/cassandra-env.sh

Tarball installations
Installer-No Services installations

 installation_location/resources/cassandra/conf/cassandra-env.sh

Prerequisites

Prepare SSL certificates with a self-signed CA for production, or prepare SSL certificates for development. Additionally, configure client-to-node encryption.

Procedure

  1. Copy the keystore and truststore files created in the prerequisite to the node where jconsole will be run. In this example, the files are server-keystore.jks and server-truststore.jks.
  2. Run jconsole using the JVM options: 
    jconsole -J-Djavax.net.ssl.keyStore=server-keystore.jks 
-J-Djavax.net.ssl.keyStorePassword=myKeyPass 
-J-Djavax.net.ssl.trustStore=server-truststore.jks 
-J-Djavax.net.ssl.trustStorePassword=truststorePass

    If no errors occur, jconsole will start. If connecting to a remote node, enter the hostname and JMX port, in Remote Process. If using authentication, enter the username and password.