Working with the JMX --secure option has been created by Runhua Chi (May 11, 2009).

Content:

Secure option prerequisites

For Geronimo 2.1.0.1 and later, the --secure option can be used to connect to the JMX server over a secure channel. It applies to the following commands:

Complete the following steps before working with the --secure option:

  1. Disable the non-secure JMX connector. To do so, stop the Geronimo server if it is running, and modify the config.xml file in the <Geronimo_HOME>/var/config directory, where <Geronimo_HOME> is the installation directory of your Geronimo server.
    • Exclude the following items from the modules pre-configured to start by adding load="false" to the elements:
      <gbean name="JMXService" load="false">
      ...
      <module name="org.apache.geronimo.configs/clustering//car" load="false">
      ...
      <module name="org.apache.geronimo.configs/tomcat6-clustering-builder-wadi//car" load="false">
      
    • Include the following item in the modules pre-configured to start by deleting load="false" from the element:
      <module name="org.apache.geronimo.framework/jmx-security//car">
      
  2. Start the Geronimo server.
  3. Set the Geronimo directory and the Java security properties so that the JVM uses the right keystores and passwords. For example, on a default Geronimo installation you might use the following syntax:

On a non-Windows system:

export GERONIMO_HOME=<Geronimo_HOME>
export JAVA_OPTS="-Djavax.net.ssl.keyStore=$GERONIMO_HOME/var/security/keystores/geronimo-default -Djavax.net.ssl.keyStorePassword=secret -Djavax.net.ssl.trustStore=$GERONIMO_HOME/var/security/keystores/geronimo-default -Djavax.net.ssl.trustStorePassword=secret"

Here <Geronimo_HOME> is the installation directory of the Geronimo server, and geronimo-default and secret are the file name and password of both the key store and the trust store. Note that the second export command is a single line.

On a Windows system:

set GERONIMO_HOME=<Geronimo_HOME>
set JAVA_OPTS=-Djavax.net.ssl.keyStore=%GERONIMO_HOME%/var/security/keystores/geronimo-default -Djavax.net.ssl.keyStorePassword=secret -Djavax.net.ssl.trustStore=%GERONIMO_HOME%/var/security/keystores/geronimo-default -Djavax.net.ssl.trustStorePassword=secret

Here <Geronimo_HOME> is the installation directory of the Geronimo server, and geronimo-default and secret are the file name and password of both the key store and the trust store. Note that the second set command is a single line.
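
A check for step 1, added here as an example and not part of the original page or of Geronimo itself: it parses config.xml and reports every entry whose load attribute differs from what step 1 requires. The SAMPLE document and its parent module name are constructed, and matching modules on their group/artifact prefix (ignoring the version segment) is an assumption.

```python
import xml.etree.ElementTree as ET

# (element, name, must_load) taken from step 1; a trailing "/" means
# "match on group/artifact, whatever version and type follow" (assumption).
RULES = [
    ("gbean", "JMXService", False),
    ("module", "org.apache.geronimo.configs/clustering/", False),
    ("module", "org.apache.geronimo.configs/tomcat6-clustering-builder-wadi/", False),
    ("module", "org.apache.geronimo.framework/jmx-security/", True),
]

# Constructed sample: clustering was missed and jmx-security is still off.
# "example.parent/placeholder" is a made-up parent module for the gbean.
SAMPLE = """<attributes>
  <module name="example.parent/placeholder//car">
    <gbean name="JMXService" load="false"/>
  </module>
  <module name="org.apache.geronimo.configs/clustering//car"/>
  <module name="org.apache.geronimo.configs/tomcat6-clustering-builder-wadi//car" load="false"/>
  <module name="org.apache.geronimo.framework/jmx-security//car" load="false"/>
</attributes>"""


def _matches(elem, kind, name):
    """True if elem is a <kind> element whose name attribute fits the rule."""
    if elem.tag.rsplit("}", 1)[-1] != kind:  # ignore any XML namespace
        return False
    actual = elem.get("name", "")
    return actual.startswith(name) if name.endswith("/") else actual == name


def check_config(xml_text):
    """Return findings for step 1; an empty list means every rule is met."""
    elems = list(ET.fromstring(xml_text).iter())
    findings = []
    for kind, name, must_load in RULES:
        hits = [e for e in elems if _matches(e, kind, name)]
        if not hits:
            findings.append(f"{kind} {name}: not found in config.xml")
        for e in hits:
            # An element without a load attribute is treated as loaded.
            loaded = e.get("load", "true").strip().lower() != "false"
            if loaded != must_load:
                want = 'remove load="false"' if must_load else 'add load="false"'
                findings.append(f"{kind} {e.get('name')}: {want}")
    return findings


if __name__ == "__main__":
    print("\n".join(check_config(SAMPLE)) or "step 1 prerequisites met")
```

To check a real installation, pass the contents of <Geronimo_HOME>/var/config/config.xml to check_config.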
