I am working on upgrading ActiveMQ from 5.18.3 to 6.0.1.
For all previous 5.x version I have set the following JMX settings and there
have been no issues.
-Dcom.sun.management.jmxremote=true
-Dcom.sun.management.jmxremote.port=1234
-Dcom.sun.management.jmxremote.rmi.port=4321
-Dcom.sun.management.jmxremote.ssl=true
-Dcom.sun.management.jmxremote.ssl.need.client.auth=false
-Dcom.sun.management.jmxremote.ssl.enabled.protocols="TLS_Versions"
-Dcom.sun.management.jmxremote.ssl.enabled.cipher.suites="Ciphers"
-Djavax.net.ssl.keyStore=<PATH>/keystore
-Djavax.net.ssl.keyStorePassword=Password
-Djavax.net.ssl.trustStore=<PATH>/truststore
-Djavax.net.ssl.trustStorePassword=Password
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.login.config=JMX
-Djava.security.auth.login.config=<PATH>/login.config
-Dcom.sun.management.jmxremote.access.file=<PATH>/jmxremote.access
This enables JMX over SSL for ActiveMQ and there have been no issues connecting.
During my testing of ActiveMQ 6.0.1 I used the same settings but I noticed that
the SSL portion does not appear to function correctly.
If I set the following:
-Dcom.sun.management.jmxremote.ssl=false
I am able to connect but the connection does not use encryption, as soon as I
set it to true it fails again.
I left the option as true and attempted to use openssl to see what certificates
and ciphers were being published on the port and when openssl attempted to
connect it informed me that SSL was not enabled and/or no certificates were
available.
Has anyone else experienced any issues using JMX over SSL with version 6.0.1?
