1

I have connected a JMX connection from a machine without SSL. But when I give the SSL though the App is getting launched without any error, VisualVM is unable to establish a JMX connection through the specified port. Following is the command I used to establish JMX connection from the App side.

java -Dcom.sun.management.jmxremote.port=4444 -Dcom.sun.management.jmxremote.password.file="C:/Program Files/Java/jre1.8.0_25/lib/management/jmxremote.password" -Djavax.net.ssl.keyStore="C:/Program Files/Java/jdk1.8.0_25/bin/testkeystore" -Djavax.net.ssl.keyStorePassword=123456 -Dcom.sun.management.jmxremote.ssl=true -Dcom.sun.management.jmxremote.authenticate=true DemoApp

Please advice.

Improve this question
5
  • Did you set up the client side as well? docs.oracle.com/javase/8/docs/technotes/guides/management/…
    – Klara
    Commented Dec 18, 2014 at 14:22
  • @Klara I did export the keystore from server into a certificate and imported that certificate in my client machine. Is there anything else I need to do?
    – Kalpa-W
    Commented Dec 19, 2014 at 2:52
  • @Klara the JMX connection is failing when I give jmxremote.ssl=true. When its false connection does establish
    – Kalpa-W
    Commented Dec 19, 2014 at 5:06
  • Did you set up the javax.net.ssl.trustStore* properties on
    – Klara
    Commented Jan 8, 2015 at 12:55
  • 1
    AFAIU, you need to specify a couple of javax.net.ssl.trustStore* properties when starting visualvm, like this: -J-Djavax.net.ssl.trustStore=/path_to/truststore \ -J-Djavax.net.ssl.trustStorePassword=trustword
    – Klara
    Commented Jan 8, 2015 at 13:07

1 Answer 1

Reset to default
2

Even though this is a quite old question, @Klara's comments helped me to solve the similar issue very fast.

  1. First, I needed to prepare my trust store for jVisualVM:

keytool -exportcert -alias server -keystore /jkslocation/serverKS.jks -storepass storepassword -file /certificatelocation/certificate.cer

  1. Then I added exported certificate to the trust store: keytool -import -alias server -keystore /jkslocation/clientTS.jks -storepass storepassword -file /certificatelocation/certificate.cer -v

  2. Then clientTS.jks is copied to the client machine running jVisualVM.

  3. jVisualVM is started with trust store parameters: ./jvisualvm -J-Djavax.net.ssl.trustStore=clientTS.jks -J-Djavax.net.ssl.trustStorePassword=clientTSPassword

  4. jVisualVM can access server JMX ports.

Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.