geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jarek Gawor (JIRA)" <j...@apache.org>
Subject [jira] Commented: (GERONIMO-3876) Allow configuring JMX over SSL
Date Thu, 10 Jul 2008 20:58:33 GMT

    [ https://issues.apache.org/jira/browse/GERONIMO-3876?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12612640#action_12612640
] 

Jarek Gawor commented on GERONIMO-3876:
---------------------------------------

I just committed a few changes to the deployer and the gshell connect command to enable them
to communicate over a secure channel with JMX server (revision 675713). 

These changes introduce a new option (--secure) which will configure things to use a SSLSocketFactory
and the JMX Secure Connector. Since the default SSLSocketFactory is used, the user must configure
the environment correctly to use the Geronimo keystore and truststore. For example, I did
the following:

{code}
export GERONIMO_HOME=~/target/geronimo-jetty6-javaee5-2.2-SNAPSHOT
export JAVA_OPTS="-Djavax.net.ssl.keyStore=$GERONIMO_HOME/var/security/keystores/geronimo-default
-Djavax.net.ssl.keyStorePassword=secret -Djavax.net.ssl.trustStore=$GERONIMO_HOME/var/security/keystores/geronimo-default
-Djavax.net.ssl.trustStorePassword=secret"
$GERONIMO_HOME/bin/deploy.sh -u system -p manager --secure list-modules --stopped
{code}

Of course, the jmx-security plugin must be started on the server.

There is one change to an interface but that interface is only used by the client tools and
therefore it should not affect the user or any applications. If there are no objections I
will port these changes to branches/2.1.


> Allow configuring JMX over SSL
> ------------------------------
>
>                 Key: GERONIMO-3876
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3876
>             Project: Geronimo
>          Issue Type: New Feature
>      Security Level: public(Regular issues) 
>          Components: management, security
>    Affects Versions: 2.1, 2.1.1, 2.2
>            Reporter: Vamsavardhana Reddy
>            Assignee: Jarek Gawor
>             Fix For: 2.2
>
>         Attachments: GERONIMO-3876-B.patch, GERONIMO-3876.21.patch, GERONIMO-3876.patch
>
>
> Currently JMX connections to Geronimo or non-SSL and Geronimo does not provide configuring
SSL for JMX connections.  It may be useful to provide configuration for JMX connections over
SSL.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message