Red Hat Summit Red Hat SummitSupportKonsoleEntwicklerDemo startenKontakt

Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

2.3. Enabling Remote JMX SSL

Overview
Link kopieren

Red Hat JBoss Fuse provides a JMX port that allows remote monitoring and management of Fuse containers via MBeans. To prevent unauthorized access to data and applications, you need to secure JMX communications by configuring JMX over SSL.
Configuring JMX over SSL access, involves:
After you have configured JMX over SSL access, you should test the connection.
Note
If you configure JMX over SSL while Red Hat JBoss Fuse is running, you will need to restart it.

Prerequisites
Link kopieren

If you haven't already done so, you need to:
  • Set your JAVA_HOME environment variable
  • Configure a JBoss Fuse user with the admin role
    Edit the <installDir>/jboss-fuse6.0.redhat-024/etc/users.properties file to enable the default admin user by uncommenting the line #admin=admin,admin. Alternatively, you can define another user with the admin role.
  • cd to <installDir>/jboss-fuse6.0.redhat-024/etc.

Create the jbossweb.keystore
Link kopieren

At the command line, using -dname values appropriate for your application, type this command: 
$JAVA_HOME/bin/keytool -genkey -v -alias jbossalias -keyalg RSA -keysize 1024 -keystore 
jbossweb.keystore -validity 3650 -keypass JbossPassword -storepass 
JbossPassword -dname "CN=127.0.0.1, OU=RedHat Software Unit, O=RedHat, 
L=Boston, S=Mass, C=USA"
Copy to Clipboard Toggle word wrap
Important
Type the entire command on the same command line.
The command returns output that looks like this: 
Generating 1,024 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 3,650 days
	for: CN=127.0.0.1, OU=RedHat Software Unit, O=RedHat, L=Boston, ST=Mass, C=USA
New certificate (self-signed):
[
[
  Version: V3
  Subject: CN=127.0.0.1, OU=RedHat Software Unit, O=RedHat, L=Boston, ST=Mass, C=USA
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 1024 bits
  modulus: 1123086025790567043604962990501918169461098372864273201795342440080393808
     1594100776075008647459910991413806372800722947670166407814901754459100720279046
     3944621813738177324031064260382659483193826177448762030437669318391072619867218
     036972335210839062722456085328301058362052369248473659880488338711351959835357
  public exponent: 65537
  Validity: [From: Thu Jun 05 12:19:52 EDT 2014,
               To: Sun Jun 02 12:19:52 EDT 2024]
  Issuer: CN=127.0.0.1, OU=RedHat Software Unit, O=RedHat, L=Boston, ST=Mass, C=USA
  SerialNumber: [    4666e4e6]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: AC 44 A5 F2 E6 2F B2 5A   5F 88 FE 69 60 B4 27 7D  .D.../.Z_..i`.'.
0010: B9 81 23 9C                                        ..#.
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 01 1D 95 C0 F2 03 B0 FD   CF 3A 1A 14 F5 2E 04 E5  .........:......
0010: DD 18 DD 0E 24 60 00 54   35 AE FE 36 7B 38 69 4C  ....$`.T5..6.8iL
0020: 1E 85 0A AF AE 24 1B 40   62 C9 F4 E5 A9 02 CD D3  .....$.@b.......
0030: 91 57 60 F6 EF D6 A4 84   56 BA 5D 21 11 F7 EA 09  .W`.....V.]!....
0040: 73 D5 6B 48 4A A9 09 93   8C 05 58 91 6C D0 53 81  s.kHJ.....X.l.S.
0050: 39 D8 29 59 73 C4 61 BE   99 13 12 89 00 1C F8 38  9.)Ys.a........8
0060: E2 BF D5 3C 87 F6 3F FA   E1 75 69 DF 37 8E 37 B5  ...<..?..ui.7.7.
0070: B7 8D 10 CC 9E 70 E8 6D   C2 1A 90 FF 3C 91 84 50  .....p.m....<..P

]
[Storing jbossweb.keystore]
Copy to Clipboard Toggle word wrap
Check whether <installDir>/jboss-fuse6.0.redhat-024/etc now contains the file jbossweb.keystore.

Create the keystore.xml file
Link kopieren

  1. Using your favorite xml editor, create and save the keystore.xml file in the <installDir>/jboss-fuse6.0.redhat-024/etc directory.
  2. Include this text in the file: 
    <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0">
     <jaas:keystore name="sample_keystore"
                    rank="1"
                    path="file:etc/jbossweb.keystore"
                    keystorePassword="JbossPassword" 
                    keyPasswords="jbossalias=JbossPassword" />
</blueprint>
    Copy to Clipboard Toggle word wrap
    Check whether <installDir>/jboss-fuse6.0.redhat-024/etc now contains the file keystore.xml.

Ensure that the keystore.xml file is loaded at the appropriate time
Link kopieren

Create the org.apache.felix.fileinstall-keystore.cfg file.
  1. Using your favorite text editor, create and save the org.apache.felix.fileinstall-keystore.cfg file in the <installDir>/jboss-fuse6.0.redhat-024/etc directory.
  2. Include these properties in the file: 
    feilx.fileinstall.dir        = ${karaf.base}/etc
feilx.fileinstall.filter     = keystore\\.xml
feilx.fileinstall.poll       = 1000
feilx.fileinstall.noInitialDelay  = true
feilx.fileinstall.log.level  = 3
feilx.fileinstall.start.level     = 25
    Copy to Clipboard Toggle word wrap
    Check whether <installDir>/jboss-fuse6.0.redhat-024/etc now contains the file org.apache.felix.fileinstall-keystore.cfg.

Add the required properties to org.apache.karaf.management.cfg
Link kopieren

Edit the <installDir>/jboss-fuse6.0.redhat-024/etc/org.apache.karaf.management.cfg file to include these properties at the end of the file: 
secured = true
secureProtocol = SSL
keyAlias = jbossalias
keyStore = sample_keystore
trustStore = sample_keystore
Copy to Clipboard Toggle word wrap

Testing the Secure JMX connection
Link kopieren

  1. Restart Red Hat JBoss Fuse, if necessary.
    Note
    When you restart Red Hat JBoss Fuse, fuse.log will contain an INFO message that the OsgiKeystoreManager could not find the sample_keystore you configured in the org.apache.karaf.management.cfg file. This occurs because the sample_keystore was not loaded at the time the OSGi management bundle was loading.
    But the org.pache.felix.fileinstall-keystore.cfg file you created forces the OSGi management bundle to reload and scan the keystore, enabling JConsole to connect successfully to Red Hat JBoss Fuse over SSL.
  2. Open a terminal, and start up JConsole by entering this command: 
    jconsole -J-Djavax.net.debug=all -J-Djavax.net.ssl.trustStore=/NotBackedUp/FuseSource/
jboss-fuse-6.0.0.redhat-024/etc/jbossweb.keystore -J-Djavax.net.ssl.trustStoreType=JKS 
-J-Djavax.net.ssl.trustStorePassword=JbossPassword
    Copy to Clipboard Toggle word wrap
    Important
    Type the entire command on the same command line.
    Note
    The system property -J-Djavax.net.debug=all shows all transport information, including SSL handshake messages, confirming that communication between JConsole and Red Hat JBoss Fuse occurs over SSL.
  3. When JConsole opens, select the option Remote Process in the New Connection wizard.
  4. Under the Remote Process option, enter these values for the service:jmx:<protocol>:<sap> url, Username, and Password: 
    service:jmx:<protocol>:<sap>: service:jmx:rmi://localhost:44444/jndi/rmi://localhost:1099/karaf-root
Username: admin
Password: admin
    Copy to Clipboard Toggle word wrap
Nach oben
Red Hat logoGithubredditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können. Entdecken Sie unsere neuesten Updates.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

Theme

© 2025 Red Hat