Configuring JMX on the server side

Configure JMX on the server side to enable SSL connections.

Complete the following procedure to configure JMX on the server side when enabling secure client-to-node connections using SSL.

jvm.options

The location of the jvm.options file depends on the type of installation:
Package installations: /etc/dse/cassandra/jvm.options
Tarball installations: installation_location/resources/cassandra/conf/jvm.options

Procedure

  1. If the $LOCAL_JMX setting is present, change it to no.
    LOCAL_JMX=no
  2. Enable JMX authentication by setting -Dcom.sun.management.jmxremote.authenticate to true:
    JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.authenticate=true"
  3. Uncomment the following settings in the cassandra-env.sh file. You must specify the path to the appropriate keystore and truststore, including the password for each.
    Note: You can also use the jvm.options file as described in Setting system properties during startup.
    JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl=true"
    JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl.need.client.auth=true"
    JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.registry.ssl=true"
    JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.keyStore=path_to_keystore.jks"
    JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.keyStorePassword=keystore-password"
    JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.trustStore=path_to_truststore.jks"
    JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.trustStorePassword=truststore-password"
    com.sun.management.jmxremote.ssl
        Set to true to enable SSL for JMX.
    com.sun.management.jmxremote.ssl.need.client.auth
        Set to true to enable two-way certificate authentication.
    com.sun.management.jmxremote.registry.ssl
        Set to true to create an RMI registry protected by SSL, and configure a management agent when the JVM starts.
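
A quick way to confirm the procedure was applied in full is to audit the edited file for every setting listed above, ignoring lines that are still commented out. The script below is an added example, not DataStax code; the function names `jmx_ssl_findings` and `sample_config` are hypothetical, and the sample input is constructed.

```sh
# Added example: audit cassandra-env.sh-style text on stdin; commented lines do not count.
# Required properties as "name=expected"; an empty expected means any non-empty value.
REQUIRED='com.sun.management.jmxremote.authenticate=true
com.sun.management.jmxremote.ssl=true
com.sun.management.jmxremote.ssl.need.client.auth=true
com.sun.management.jmxremote.registry.ssl=true
javax.net.ssl.keyStore=
javax.net.ssl.keyStorePassword=
javax.net.ssl.trustStore=
javax.net.ssl.trustStorePassword='

# jmx_ssl_findings (hypothetical name): print one line per problem found.
jmx_ssl_findings() {
    # Strip leading whitespace, then drop comments and blank lines.
    active=$(sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d')
    # Step 1: any active LOCAL_JMX assignment must be "no".
    if printf '%s\n' "$active" | grep '^LOCAL_JMX=' |
            grep -Evq '^LOCAL_JMX="?no"?[[:space:]]*$'; then
        echo "wrong: LOCAL_JMX"
    fi
    printf '%s\n' "$REQUIRED" | while IFS='=' read -r prop want; do
        # Last active line that sets this property (fixed-string match).
        line=$(printf '%s\n' "$active" | grep -F -- "-D$prop=" | tail -n 1)
        if [ -z "$line" ]; then echo "missing: $prop"; continue; fi
        val=$(printf '%s\n' "$line" | sed -e "s/.*-D$prop=//" -e 's/[" ].*//')
        # Values are compared, never printed, so passwords stay out of logs.
        if [ -z "$val" ]; then
            echo "empty: $prop"
        elif [ -n "$want" ] && [ "$val" != "$want" ]; then
            echo "wrong: $prop"
        fi
    done
}

# Constructed sample with four deliberate gaps (not a real configuration).
sample_config() {
    cat <<'EOF'
LOCAL_JMX=yes
JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.authenticate=true"
JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl=true"
#JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl.need.client.auth=true"
JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.registry.ssl=false"
JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.keyStore=/constructed/keystore.jks"
JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.keyStorePassword=constructed-pass"
JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.trustStore=/constructed/truststore.jks"
EOF
}

sample_config | jmx_ssl_findings
```

To audit a real file, redirect it into the function on stdin; an empty result means every setting in the procedure is active.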