Fixes SSL failure to connect using proxy or .war #436
Adds SSL-RMI support when the `javax.net.ssl.trustStore` system property is defined and fixes error "java.rmi.ConnectIOException: non-JRMP server at remote endpoint"
Thanks for the PR! I don't know about the concrete issue but it looks reasonable to me (i.e. to switch to SSL communication when a trust store is set). Is the presence of a trustStore the only indicator to use SSL for RMI communication or is there a more direct property?
PR looks good with some minor cosmetic suggestions.
agent/jsr160/src/main/java/org/jolokia/jsr160/Jsr160RequestDispatcher.java
…patcher.java Co-authored-by: Roland Huß <rhuss@redhat.com>
For my specific use case with Cassandra's default JMX configs, here's the server side settings:

```
-Dcom.sun.management.jmxremote.ssl=true
-Dcom.sun.management.jmxremote.ssl.need.client.auth=true
-Dcom.sun.management.jmxremote.registry.ssl=true
-Djavax.net.ssl.keyStore=/etc/cassandra/certstore/client_certstore/keystore.jks
-Djavax.net.ssl.keyStorePassword=cassandra
-Djavax.net.ssl.trustStore=/etc/cassandra/certstore/client_certstore/truststore.jks
-Djavax.net.ssl.trustStorePassword=cassandra
```

Using Jolokia in Proxy mode with tomcat, this is the minimal required system properties to make it work (notice

```
-Dcom.sun.management.jmxremote.ssl=false
-Djavax.net.ssl.keyStore=/etc/cassandra/certstore/client_certstore/keystore.jks
-Djavax.net.ssl.keyStorePassword=cassandra
-Djavax.net.ssl.trustStore=/etc/cassandra/certstore/client_certstore/truststore.jks
-Djavax.net.ssl.trustStorePassword=cassandra
```

If one were to disable
I committed your suggestion. Thanks for the improvement!
For reference: diff (a bit outdated) that includes building the docker image with GitHub Actions: master...TheWeatherCompany:docker-proxy truststore and keystore volumes mounted at runtime. Truststore and keystore System properties are set in
Thanks, that makes sense to me.
Adds SSL-RMI support when the `javax.net.ssl.trustStore` system property is defined and fixes error "java.rmi.ConnectIOException: non-JRMP server at remote endpoint". Tested with tomcat 9 by mounting build .war file. Resolves #109 - Add SSL support for the JSR-160 proxy
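
The behaviour discussed in this thread, as an added example that is not the code from this PR or from Jolokia: a standalone JMX client that uses TLS for the RMI registry lookup only when `javax.net.ssl.trustStore` is set. The class name `SslAwareJmxClient` and the service URL passed as the first argument are assumptions.

```java
import java.util.HashMap;
import java.util.Map;
import javax.management.MBeanServerConnection;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXServiceURL;
import javax.rmi.ssl.SslRMIClientSocketFactory;

// Hypothetical class name; illustration only, not Jolokia's dispatcher.
public class SslAwareJmxClient {

    // JNDI environment key the JDK's RMI registry provider reads to choose
    // the socket factory for the registry lookup.
    static final String REGISTRY_SOCKET_FACTORY = "com.sun.jndi.rmi.factory.socket";

    /** Builds the connector environment; TLS is enabled for the registry
     *  lookup only when a trust store is configured. */
    static Map<String, Object> buildEnv() {
        Map<String, Object> env = new HashMap<>();
        String trustStore = System.getProperty("javax.net.ssl.trustStore");
        if (trustStore != null && !trustStore.isEmpty()) {
            // A registry started with com.sun.management.jmxremote.registry.ssl=true
            // expects a TLS handshake; a plain JRMP lookup against it fails with
            // "non-JRMP server at remote endpoint".
            // SslRMIClientSocketFactory uses the default SSLSocketFactory, so the
            // javax.net.ssl.keyStore/trustStore system properties apply to it.
            env.put(REGISTRY_SOCKET_FACTORY, new SslRMIClientSocketFactory());
        }
        return env;
    }

    public static void main(String[] args) throws Exception {
        Map<String, Object> env = buildEnv();
        System.out.println("TLS registry lookup: " + env.containsKey(REGISTRY_SOCKET_FACTORY));
        if (args.length == 0) {
            return; // no target given: only report the decision
        }
        // args[0] is a placeholder such as service:jmx:rmi:///jndi/rmi://HOST:PORT/jmxrmi
        try (JMXConnector connector =
                 JMXConnectorFactory.connect(new JMXServiceURL(args[0]), env)) {
            MBeanServerConnection mbsc = connector.getMBeanServerConnection();
            System.out.println("MBean count: " + mbsc.getMBeanCount());
        }
    }
}
```

Run it with and without `-Djavax.net.ssl.trustStore=...` to see the decision change; with no argument it makes no network connection.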