0 Replies Latest reply on Oct 29, 2015 3:22 PM by s4tlarson

    ColdFusion 11 JMX Monitoring with SSL/TLS

    s4tlarson

      Would like to monitor our JVM performance in the production network securely by enabling the SSL/TLS options available to JMX.

       

      Having trouble even after I properly created valid keyStore/trustStore using an internal CA with a .csr for a .p7b.

       

      However while attempting to poll the CF JVM for JMX I cannot get the secure negotiation to work properly.

       

      Added these lines to /cfusion/bin/vm.config:

       

      -Dcom.sun.management.jmxremote=true

      -Dcom.sun.management.jmxremote.port=3333

      -Dcom.sun.management.jmxremote.ssl=true

      -Dcom.sun.management.jmxremote.authenticate=false

      -Dcom.sun.management.jmxremote.ssl.need.client.auth=false

      -Djavax.net.ssl.keyStore=jmxkey.keystore

      -Djavax.net.ssl.keyStorePassword=password

       

      Also want to enable these flags too for testing:

      -Djavax.sun.management.jmxremote.ssl.enabled.protocols=TLSv1.2

      -Djavax.sun.management.jmxremote.ssl.cipher.suites=TLS_RSA_WITH_AES_128_CBC_SHA

       

      Everything on my jconsole setting are set up properly, what am I missing for the CF/JVM side?

      Also I would like to see some documentation on this setup, haven't found anything through searching.

      Closest example from IBM and Apache Tomcat.