How to configure JMX connection with SSL

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

How to configure JMX connection with SSL

dantran
Hi

I am looking for info on how to configure Karaf's JMX connection with
SSL.  The closest I can get to is
http://karaf.apache.org/manual/2.2.0/developers-guide/debugging.html

Thanks

-Dan
Reply | Threaded
Open this post in threaded view
|

Re: How to configure JMX connection with SSL

Guillaume Nodet
I suppose you could try with adding the needed properties into
etc/system.properties as indicated at
http://download.oracle.com/javase/1.5.0/docs/guide/management/agent.html
 but I think a better way could be offered through properties in
etc/org.apache.karaf.management.cfg and our jaas support for
keystores.   I've actually never used JMX on SSL so not sure how to
set up that programmatically, but feel free to raise a JIRA for that.

On Tue, Mar 29, 2011 at 03:29, Dan Tran <[hidden email]> wrote:

> Hi
>
> I am looking for info on how to configure Karaf's JMX connection with
> SSL.  The closest I can get to is
> http://karaf.apache.org/manual/2.2.0/developers-guide/debugging.html
>
> Thanks
>
> -Dan
>



--
Cheers,
Guillaume Nodet
------------------------
Blog: http://gnodet.blogspot.com/
------------------------
Open Source SOA
http://fusesource.com
Reply | Threaded
Open this post in threaded view
|

Re: How to configure JMX connection with SSL

dantran
filed at  https://issues.apache.org/jira/browse/KARAF-541

Thanks

-Dan

On Mon, Mar 28, 2011 at 11:26 PM, Guillaume Nodet <[hidden email]> wrote:

> I suppose you could try with adding the needed properties into
> etc/system.properties as indicated at
> http://download.oracle.com/javase/1.5.0/docs/guide/management/agent.html
>  but I think a better way could be offered through properties in
> etc/org.apache.karaf.management.cfg and our jaas support for
> keystores.   I've actually never used JMX on SSL so not sure how to
> set up that programmatically, but feel free to raise a JIRA for that.
>
> On Tue, Mar 29, 2011 at 03:29, Dan Tran <[hidden email]> wrote:
>> Hi
>>
>> I am looking for info on how to configure Karaf's JMX connection with
>> SSL.  The closest I can get to is
>> http://karaf.apache.org/manual/2.2.0/developers-guide/debugging.html
>>
>> Thanks
>>
>> -Dan
>>
>
>
>
> --
> Cheers,
> Guillaume Nodet
> ------------------------
> Blog: http://gnodet.blogspot.com/
> ------------------------
> Open Source SOA
> http://fusesource.com
>
Reply | Threaded
Open this post in threaded view
|

Re: How to configure JMX connection with SSL

dantran
I went on to add 2 addional ssl properties to

etc/system.properties

  javax.net.ssl.keyStore=${karaf.home}/etc/keystore
  javax.net.ssl.trustStore=${karaf.home}/etc/truststore

and bin/karaf script

-  Djavax.net.ssl.keyStore=$DIRNAME/etc/keystore
-Djavax.net.ssl.trustStore=$DIRNAME/etc/truststore

either one has any effect ( i am expecting error from karaf saying
those stores file are not available, since I have not created them
yet?

Is it a bug?

Has any one able to get SSL working with JMX?

Thanks

-Dan


On Mon, Mar 28, 2011 at 11:53 PM, Dan Tran <[hidden email]> wrote:

> filed at  https://issues.apache.org/jira/browse/KARAF-541
>
> Thanks
>
> -Dan
>
> On Mon, Mar 28, 2011 at 11:26 PM, Guillaume Nodet <[hidden email]> wrote:
>> I suppose you could try with adding the needed properties into
>> etc/system.properties as indicated at
>> http://download.oracle.com/javase/1.5.0/docs/guide/management/agent.html
>>  but I think a better way could be offered through properties in
>> etc/org.apache.karaf.management.cfg and our jaas support for
>> keystores.   I've actually never used JMX on SSL so not sure how to
>> set up that programmatically, but feel free to raise a JIRA for that.
>>
>> On Tue, Mar 29, 2011 at 03:29, Dan Tran <[hidden email]> wrote:
>>> Hi
>>>
>>> I am looking for info on how to configure Karaf's JMX connection with
>>> SSL.  The closest I can get to is
>>> http://karaf.apache.org/manual/2.2.0/developers-guide/debugging.html
>>>
>>> Thanks
>>>
>>> -Dan
>>>
>>
>>
>>
>> --
>> Cheers,
>> Guillaume Nodet
>> ------------------------
>> Blog: http://gnodet.blogspot.com/
>> ------------------------
>> Open Source SOA
>> http://fusesource.com
>>
>
Reply | Threaded
Open this post in threaded view
|

Re: How to configure JMX connection with SSL

dantran
I now have karaf 2.2.x source loaded to my Eclipse, the closest place
I can see why karaf ignore the global system properties settings for
JMX SSL is org.apache.karaf.management.MBeanServerFactory.java

this.connectorServer =
JMXConnectorServerFactory.newJMXConnectorServer(url, this.environment,
this.server);

where 'this.environment' does not have proper settings from
blueprint's xml file??

Any help on this is greatly appreciated since I am very new to JMX development

Thanks

-D

On Wed, Mar 30, 2011 at 2:39 PM, Dan Tran <[hidden email]> wrote:

> I went on to add 2 addional ssl properties to
>
> etc/system.properties
>
>  javax.net.ssl.keyStore=${karaf.home}/etc/keystore
>  javax.net.ssl.trustStore=${karaf.home}/etc/truststore
>
> and bin/karaf script
>
> -  Djavax.net.ssl.keyStore=$DIRNAME/etc/keystore
> -Djavax.net.ssl.trustStore=$DIRNAME/etc/truststore
>
> either one has any effect ( i am expecting error from karaf saying
> those stores file are not available, since I have not created them
> yet?
>
> Is it a bug?
>
> Has any one able to get SSL working with JMX?
>
> Thanks
>
> -Dan
>
>
> On Mon, Mar 28, 2011 at 11:53 PM, Dan Tran <[hidden email]> wrote:
>> filed at  https://issues.apache.org/jira/browse/KARAF-541
>>
>> Thanks
>>
>> -Dan
>>
>> On Mon, Mar 28, 2011 at 11:26 PM, Guillaume Nodet <[hidden email]> wrote:
>>> I suppose you could try with adding the needed properties into
>>> etc/system.properties as indicated at
>>> http://download.oracle.com/javase/1.5.0/docs/guide/management/agent.html
>>>  but I think a better way could be offered through properties in
>>> etc/org.apache.karaf.management.cfg and our jaas support for
>>> keystores.   I've actually never used JMX on SSL so not sure how to
>>> set up that programmatically, but feel free to raise a JIRA for that.
>>>
>>> On Tue, Mar 29, 2011 at 03:29, Dan Tran <[hidden email]> wrote:
>>>> Hi
>>>>
>>>> I am looking for info on how to configure Karaf's JMX connection with
>>>> SSL.  The closest I can get to is
>>>> http://karaf.apache.org/manual/2.2.0/developers-guide/debugging.html
>>>>
>>>> Thanks
>>>>
>>>> -Dan
>>>>
>>>
>>>
>>>
>>> --
>>> Cheers,
>>> Guillaume Nodet
>>> ------------------------
>>> Blog: http://gnodet.blogspot.com/
>>> ------------------------
>>> Open Source SOA
>>> http://fusesource.com
>>>
>>
>
Reply | Threaded
Open this post in threaded view
|

Re: How to configure JMX connection with SSL

Guillaume Nodet
Right, you found the right place to start hacking.

For SSL support, Karaf provides some support for Keystores and such,
so I suggest you look at another exmaple such as
   http://svn.apache.org/repos/asf/karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
Look at the setupSsl() method.

I think you'd have to provide an instance of
javax.rmi.ssl.SslRMIServerSocketFactory somehow, but that's really not
an area i've been using.
I found the following which should help:
  https://issues.apache.org/jira/secure/attachment/12385652/GERONIMO-3876.21.patch


On Fri, Apr 1, 2011 at 02:47, Dan Tran <[hidden email]> wrote:

> I now have karaf 2.2.x source loaded to my Eclipse, the closest place
> I can see why karaf ignore the global system properties settings for
> JMX SSL is org.apache.karaf.management.MBeanServerFactory.java
>
> this.connectorServer =
> JMXConnectorServerFactory.newJMXConnectorServer(url, this.environment,
> this.server);
>
> where 'this.environment' does not have proper settings from
> blueprint's xml file??
>
> Any help on this is greatly appreciated since I am very new to JMX development
>
> Thanks
>
> -D
>
> On Wed, Mar 30, 2011 at 2:39 PM, Dan Tran <[hidden email]> wrote:
>> I went on to add 2 addional ssl properties to
>>
>> etc/system.properties
>>
>>  javax.net.ssl.keyStore=${karaf.home}/etc/keystore
>>  javax.net.ssl.trustStore=${karaf.home}/etc/truststore
>>
>> and bin/karaf script
>>
>> -  Djavax.net.ssl.keyStore=$DIRNAME/etc/keystore
>> -Djavax.net.ssl.trustStore=$DIRNAME/etc/truststore
>>
>> either one has any effect ( i am expecting error from karaf saying
>> those stores file are not available, since I have not created them
>> yet?
>>
>> Is it a bug?
>>
>> Has any one able to get SSL working with JMX?
>>
>> Thanks
>>
>> -Dan
>>
>>
>> On Mon, Mar 28, 2011 at 11:53 PM, Dan Tran <[hidden email]> wrote:
>>> filed at  https://issues.apache.org/jira/browse/KARAF-541
>>>
>>> Thanks
>>>
>>> -Dan
>>>
>>> On Mon, Mar 28, 2011 at 11:26 PM, Guillaume Nodet <[hidden email]> wrote:
>>>> I suppose you could try with adding the needed properties into
>>>> etc/system.properties as indicated at
>>>> http://download.oracle.com/javase/1.5.0/docs/guide/management/agent.html
>>>>  but I think a better way could be offered through properties in
>>>> etc/org.apache.karaf.management.cfg and our jaas support for
>>>> keystores.   I've actually never used JMX on SSL so not sure how to
>>>> set up that programmatically, but feel free to raise a JIRA for that.
>>>>
>>>> On Tue, Mar 29, 2011 at 03:29, Dan Tran <[hidden email]> wrote:
>>>>> Hi
>>>>>
>>>>> I am looking for info on how to configure Karaf's JMX connection with
>>>>> SSL.  The closest I can get to is
>>>>> http://karaf.apache.org/manual/2.2.0/developers-guide/debugging.html
>>>>>
>>>>> Thanks
>>>>>
>>>>> -Dan
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Cheers,
>>>> Guillaume Nodet
>>>> ------------------------
>>>> Blog: http://gnodet.blogspot.com/
>>>> ------------------------
>>>> Open Source SOA
>>>> http://fusesource.com
>>>>
>>>
>>
>



--
Cheers,
Guillaume Nodet
------------------------
Blog: http://gnodet.blogspot.com/
------------------------
Open Source SOA
http://fusesource.com