Setting up SSL for JConsole (JMX)
Use JConsole with SSL encryption.
Using JConsole with SSL requires the same JMX changes to
cassandra-env.sh as nodetool
. See
Configuring SSL for nodetool, nodesync, dsetool, and Advanced Replication. You do not need to create a
nodetool-ssl.properties
file, but the same JVM keystore and
truststore options must be specified with jconsole
on the command
line.
cassandra-env.sh
The location of the cassandra-env.sh file depends on the type of installation:Package installations | /etc/dse/cassandra/cassandra-env.sh |
Tarball installations | installation_location/resources/cassandra/conf/cassandra-env.sh |
Prerequisites
- Create SSL certificates with a self-signed CA for production environments, or create SSL certificates for development environments.
- Configure client-to-node encryption
Procedure
-
Copy the keystore and truststore files to the node where JConsole will be run.
In this example, the files are
server-keystore.jks
andserver-truststore.jks
. -
Run
jconsole
using the JVM options:jconsole -J-Djavax.net.ssl.keyStore=server-keystore.jks -J-Djavax.net.ssl.keyStorePassword=keystore-password -J-Djavax.net.ssl.trustStore=server-truststore.jks -J-Djavax.net.ssl.trustStorePassword=truststore-password
If no errors occur, JConsole starts. If connecting to a remote node, select Remote Process and enter the hostname and JMX port. If using authentication, enter the username and password. See Using JConsole for more information.