Setting up SSL for JConsole (JMX)

Use JConsole with SSL encryption.

Using JConsole with SSL requires the same JMX changes to cassandra-env.sh as nodetool. See Configuring SSL for nodetool, nodesync, dsetool, and Advanced Replication. You do not need to create a nodetool-ssl.properties file, but the same JVM keystore and truststore options must be specified with jconsole on the command line.

cassandra-env.sh

The location of the cassandra-env.sh file depends on the type of installation:
Package installations /etc/dse/cassandra/cassandra-env.sh
Tarball installations installation_location/resources/cassandra/conf/cassandra-env.sh

Prerequisites

  1. Create SSL certificates with a self-signed CA for production environments, or create SSL certificates for development environments.
  2. Configure client-to-node encryption

Procedure

  1. Copy the keystore and truststore files to the node where JConsole will be run. In this example, the files are server-keystore.jks and server-truststore.jks.
  2. Run jconsole using the JVM options:
    jconsole -J-Djavax.net.ssl.keyStore=server-keystore.jks
    -J-Djavax.net.ssl.keyStorePassword=keystore-password 
    -J-Djavax.net.ssl.trustStore=server-truststore.jks
    -J-Djavax.net.ssl.trustStorePassword=truststore-password

    If no errors occur, JConsole starts. If connecting to a remote node, select Remote Process and enter the hostname and JMX port. If using authentication, enter the username and password. See Using JConsole for more information.