Red Hat Summit Red Hat Summit지원콘솔개발자평가판 시작연락처

이 콘텐츠는 선택한 언어로 제공되지 않습니다.

2.3. Enabling Remote JMX SSL

Overview
링크 복사

Red Hat JBoss Fuse provides a JMX port that allows remote monitoring and management of Fuse containers via MBeans. To prevent unauthorized access to data and applications, you need to secure JMX communications by configuring JMX over SSL.
Configuring JMX over SSL access, involves:
After you have configured JMX over SSL access, you should test the connection.
Note
If you configure JMX over SSL while Red Hat JBoss Fuse is running, you will need to restart it.

Prerequisites
링크 복사

If you haven't already done so, you need to:
  • Set your JAVA_HOME environment variable
  • Configure a JBoss Fuse user with the admin role
    Edit the <installDir>/jboss-fuse6.0.redhat-024/etc/users.properties file to enable the default admin user by uncommenting the line #admin=admin,admin. Alternatively, you can define another user with the admin role.
  • cd to <installDir>/jboss-fuse6.0.redhat-024/etc.

Create the jbossweb.keystore
링크 복사

At the command line, using -dname values appropriate for your application, type this command: 
$JAVA_HOME/bin/keytool -genkey -v -alias jbossalias -keyalg RSA -keysize 1024 -keystore 
jbossweb.keystore -validity 3650 -keypass JbossPassword -storepass 
JbossPassword -dname "CN=127.0.0.1, OU=RedHat Software Unit, O=RedHat, 
L=Boston, S=Mass, C=USA"
Copy to Clipboard Toggle word wrap
Important
Type the entire command on the same command line.
The command returns output that looks like this: 
Generating 1,024 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 3,650 days
	for: CN=127.0.0.1, OU=RedHat Software Unit, O=RedHat, L=Boston, ST=Mass, C=USA
New certificate (self-signed):
[
[
  Version: V3
  Subject: CN=127.0.0.1, OU=RedHat Software Unit, O=RedHat, L=Boston, ST=Mass, C=USA
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 1024 bits
  modulus: 1123086025790567043604962990501918169461098372864273201795342440080393808
     1594100776075008647459910991413806372800722947670166407814901754459100720279046
     3944621813738177324031064260382659483193826177448762030437669318391072619867218
     036972335210839062722456085328301058362052369248473659880488338711351959835357
  public exponent: 65537
  Validity: [From: Thu Jun 05 12:19:52 EDT 2014,
               To: Sun Jun 02 12:19:52 EDT 2024]
  Issuer: CN=127.0.0.1, OU=RedHat Software Unit, O=RedHat, L=Boston, ST=Mass, C=USA
  SerialNumber: [    4666e4e6]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: AC 44 A5 F2 E6 2F B2 5A   5F 88 FE 69 60 B4 27 7D  .D.../.Z_..i`.'.
0010: B9 81 23 9C                                        ..#.
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 01 1D 95 C0 F2 03 B0 FD   CF 3A 1A 14 F5 2E 04 E5  .........:......
0010: DD 18 DD 0E 24 60 00 54   35 AE FE 36 7B 38 69 4C  ....$`.T5..6.8iL
0020: 1E 85 0A AF AE 24 1B 40   62 C9 F4 E5 A9 02 CD D3  .....$.@b.......
0030: 91 57 60 F6 EF D6 A4 84   56 BA 5D 21 11 F7 EA 09  .W`.....V.]!....
0040: 73 D5 6B 48 4A A9 09 93   8C 05 58 91 6C D0 53 81  s.kHJ.....X.l.S.
0050: 39 D8 29 59 73 C4 61 BE   99 13 12 89 00 1C F8 38  9.)Ys.a........8
0060: E2 BF D5 3C 87 F6 3F FA   E1 75 69 DF 37 8E 37 B5  ...<..?..ui.7.7.
0070: B7 8D 10 CC 9E 70 E8 6D   C2 1A 90 FF 3C 91 84 50  .....p.m....<..P

]
[Storing jbossweb.keystore]
Copy to Clipboard Toggle word wrap
Check whether <installDir>/jboss-fuse6.0.redhat-024/etc now contains the file jbossweb.keystore.

Create the keystore.xml file
링크 복사

  1. Using your favorite xml editor, create and save the keystore.xml file in the <installDir>/jboss-fuse6.0.redhat-024/etc directory.
  2. Include this text in the file: 
    <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0">
     <jaas:keystore name="sample_keystore"
                    rank="1"
                    path="file:etc/jbossweb.keystore"
                    keystorePassword="JbossPassword" 
                    keyPasswords="jbossalias=JbossPassword" />
</blueprint>
    Copy to Clipboard Toggle word wrap
    Check whether <installDir>/jboss-fuse6.0.redhat-024/etc now contains the file keystore.xml.

Ensure that the keystore.xml file is loaded at the appropriate time
링크 복사

Create the org.apache.felix.fileinstall-keystore.cfg file.
  1. Using your favorite text editor, create and save the org.apache.felix.fileinstall-keystore.cfg file in the <installDir>/jboss-fuse6.0.redhat-024/etc directory.
  2. Include these properties in the file: 
    feilx.fileinstall.dir        = ${karaf.base}/etc
feilx.fileinstall.filter     = keystore\\.xml
feilx.fileinstall.poll       = 1000
feilx.fileinstall.noInitialDelay  = true
feilx.fileinstall.log.level  = 3
feilx.fileinstall.start.level     = 25
    Copy to Clipboard Toggle word wrap
    Check whether <installDir>/jboss-fuse6.0.redhat-024/etc now contains the file org.apache.felix.fileinstall-keystore.cfg.

Add the required properties to org.apache.karaf.management.cfg
링크 복사

Edit the <installDir>/jboss-fuse6.0.redhat-024/etc/org.apache.karaf.management.cfg file to include these properties at the end of the file: 
secured = true
secureProtocol = SSL
keyAlias = jbossalias
keyStore = sample_keystore
trustStore = sample_keystore
Copy to Clipboard Toggle word wrap

Testing the Secure JMX connection
링크 복사

  1. Restart Red Hat JBoss Fuse, if necessary.
    Note
    When you restart Red Hat JBoss Fuse, fuse.log will contain an INFO message that the OsgiKeystoreManager could not find the sample_keystore you configured in the org.apache.karaf.management.cfg file. This occurs because the sample_keystore was not loaded at the time the OSGi management bundle was loading.
    But the org.pache.felix.fileinstall-keystore.cfg file you created forces the OSGi management bundle to reload and scan the keystore, enabling JConsole to connect successfully to Red Hat JBoss Fuse over SSL.
  2. Open a terminal, and start up JConsole by entering this command: 
    jconsole -J-Djavax.net.debug=all -J-Djavax.net.ssl.trustStore=/NotBackedUp/FuseSource/
jboss-fuse-6.0.0.redhat-024/etc/jbossweb.keystore -J-Djavax.net.ssl.trustStoreType=JKS 
-J-Djavax.net.ssl.trustStorePassword=JbossPassword
    Copy to Clipboard Toggle word wrap
    Important
    Type the entire command on the same command line.
    Note
    The system property -J-Djavax.net.debug=all shows all transport information, including SSL handshake messages, confirming that communication between JConsole and Red Hat JBoss Fuse occurs over SSL.
  3. When JConsole opens, select the option Remote Process in the New Connection wizard.
  4. Under the Remote Process option, enter these values for the service:jmx:<protocol>:<sap> url, Username, and Password: 
    service:jmx:<protocol>:<sap>: service:jmx:rmi://localhost:44444/jndi/rmi://localhost:1099/karaf-root
Username: admin
Password: admin
    Copy to Clipboard Toggle word wrap
맨 위로 이동
Red Hat logoGithubredditYoutubeTwitter

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

Red Hat을 사용하는 고객은 신뢰할 수 있는 콘텐츠가 포함된 제품과 서비스를 통해 혁신하고 목표를 달성할 수 있습니다. 최신 업데이트를 확인하세요.

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat은 코드, 문서, 웹 속성에서 문제가 있는 언어를 교체하기 위해 최선을 다하고 있습니다. 자세한 내용은 다음을 참조하세요.Red Hat 블로그.

Red Hat 소개

Red Hat은 기업이 핵심 데이터 센터에서 네트워크 에지에 이르기까지 플랫폼과 환경 전반에서 더 쉽게 작업할 수 있도록 강화된 솔루션을 제공합니다.

Theme

© 2025 Red Hat