Hi Jason- Were you able to get this resolved?
Be sure to use a recent JDK 17 release with ActiveMQ 6.0.x. A quick scan over those params looks correct and still valid in the JDK: https://github.com/openjdk/jdk/blob/4dd6c44cbdb0b5957414fa87b6c559fa4d6f2fa8/test/jdk/sun/management/jmxremote/startstop/JMXStartStopTest.java#L699 Thanks, Matt Pavlovich > On Jan 31, 2024, at 10:34 AM, Jason Jackson > <jason.jack...@itechag.com.INVALID> wrote: > > I am working on upgrading ActiveMQ from 5.18.3 to 6.0.1. > > For all previous 5.x version I have set the following JMX settings and there > have been no issues. > > -Dcom.sun.management.jmxremote=true > -Dcom.sun.management.jmxremote.port=1234 > -Dcom.sun.management.jmxremote.rmi.port=4321 > -Dcom.sun.management.jmxremote.ssl=true > -Dcom.sun.management.jmxremote.ssl.need.client.auth=false > -Dcom.sun.management.jmxremote.ssl.enabled.protocols="TLS_Versions" > -Dcom.sun.management.jmxremote.ssl.enabled.cipher.suites="Ciphers" > -Djavax.net.ssl.keyStore=<PATH>/keystore > -Djavax.net.ssl.keyStorePassword=Password > -Djavax.net.ssl.trustStore=<PATH>/truststore > -Djavax.net.ssl.trustStorePassword=Password > -Dcom.sun.management.jmxremote.authenticate=true > -Dcom.sun.management.jmxremote.login.config=JMX > -Djava.security.auth.login.config=<PATH>/login.config > -Dcom.sun.management.jmxremote.access.file=<PATH>/jmxremote.access > > This enables JMX over SSL for ActiveMQ and there have been no issues > connecting. > > During my testing of ActiveMQ 6.0.1 I used the same settings but I noticed > that the SSL portion does not appear to function correctly. > > If I set the following: > > -Dcom.sun.management.jmxremote.ssl=false > > I am able to connect but the connection does not use encryption, as soon as I > set it to true it fails again. > > I left the option as true and attempted to use openssl to see what > certificates and ciphers were being published on the port and when openssl > attempted to connect it informed me that SSL was not enabled and/or no > certificates were available. > > Has anyone else experienced any issues using JMX over SSL with version 6.0.1?
