yballan
asked on
How to enable SSL on JMX agent
Dear Experts,
We have a Windows Server 2016 Standard running Java 8 v.211, and is getting flagged in the vulnerability scan "A remote Java JMX agent is configured without SSL client and password authentication." The suggested solution is to enable SSL client or password authentication for the JMX agent, however, as I research for the solution, I am not getting a clear answers.
The one I wanted to try was to set up SSL, using keytool -genkey, then setting the system properties such as javax.net.ssl.keyStore Keystore location.
What I need is to understand how to accomplish these tasks, as I found the commands that need to be executed. Am I executing this from Java environment that runs on this server?
Please advise.
java -Dcom.sun.management.jmxre mote.port= 9999
-Dcom.sun.management.jmxre mote.passw ord.file=j mxremote.p assword
-Djavax.net.ssl.keyStore=/ home/user/ .keystore
-Djavax.net.ssl.keyStorePa ssword=myK eyStorePas sword
-Dcom.sun.management.jmxre mote.ssl.n eed.client .auth=true
-Djavax.net.ssl.trustStore =/home/use r/.trustst ore
-Djavax.net.ssl.trustStore Password=m yTrustStor ePassword
-Dcom.sun.management.jmxre mote.regis try.ssl=tr ue
-Djava.security.manager
-Djava.security.policy=jmx .policy
-jar lib/derbyrun.jar server start -h 0.0.0.0
(From https://docs.oracle.com/javadb/10.10.1.2/adminguide/radminjmxenablepwdssl.html)
We have a Windows Server 2016 Standard running Java 8 v.211, and is getting flagged in the vulnerability scan "A remote Java JMX agent is configured without SSL client and password authentication." The suggested solution is to enable SSL client or password authentication for the JMX agent, however, as I research for the solution, I am not getting a clear answers.
The one I wanted to try was to set up SSL, using keytool -genkey, then setting the system properties such as javax.net.ssl.keyStore Keystore location.
What I need is to understand how to accomplish these tasks, as I found the commands that need to be executed. Am I executing this from Java environment that runs on this server?
Please advise.
java -Dcom.sun.management.jmxre
-Dcom.sun.management.jmxre
-Djavax.net.ssl.keyStore=/
-Djavax.net.ssl.keyStorePa
-Dcom.sun.management.jmxre
-Djavax.net.ssl.trustStore
-Djavax.net.ssl.trustStore
-Dcom.sun.management.jmxre
-Djava.security.manager
-Djava.security.policy=jmx
-jar lib/derbyrun.jar server start -h 0.0.0.0
(From https://docs.oracle.com/javadb/10.10.1.2/adminguide/radminjmxenablepwdssl.html)
ASKER
Dear CEHJ, thank you for your quick reply.
What I am confused about is where this scrip is run. Am I starting java on this server by starting the line with "java" , then feeding all of these commands?
Or am I supposed to get into Java environment first, then run this command?
My running Java experience is strictly on Unix machines, so I am confused on this point.
Please advise.
What I am confused about is where this scrip is run. Am I starting java on this server by starting the line with "java" , then feeding all of these commands?
Or am I supposed to get into Java environment first, then run this command?
My running Java experience is strictly on Unix machines, so I am confused on this point.
Please advise.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you, that is what I will do.
:)
Apart from perhaps-jar lib/derbyrun.jar That of course could be right too, but 'derby'? Derby is a JAVA rdbms as far as i know...
Oops sorry - i was confusing myself (thinking of jmS) In that case it looks OK