JConsole SSL Password 认证相关配置备份

# 参考文档

# 相关命令

密码已脱密。

#----------- Linux Side ----------------#

# ~/keystore
cd ~/keystore

# Step 1: Generate key pair on Server or the Host machine 
keytool -genkeypair -keystore serverkeystore -alias serverkey -validity 360000 -storepass uSMi1NHi -keypass uSMi1NHi
keytool -importkeystore -srckeystore serverkeystore -destkeystore serverkeystore -deststoretype pkcs12
keytool -list -v -keystore serverkeystore


# Step 2: Generate the Certificate from the Server’s KeyStore.
keytool -exportcert -keystore serverkeystore -alias serverkey -storepass uSMi1NHi -file server.cer


# Step 3: Generate key pair on Client or the Remote machine (JConsole – Client).
keytool -genkeypair -keystore clientkeystore -alias clientkey -validity 360000 -storepass yCacyr6a -keypass yCacyr6a
keytool -importkeystore -srckeystore clientkeystore -destkeystore clientkeystore -deststoretype pkcs12

# Step 4: Generate the Certificate from the Client’s Keystore.
keytool -exportcert -keystore clientkeystore -alias clientkey -storepass yCacyr6a -file client.cer

# Step 5: Copy the client certificate to the Server machine and import it in Server’s TrusStore.
keytool -importcert -file client.cer -keystore servertruststore -storepass nGlkLaU9

# Step 6: Copy the server certificate to the Client machine and import it in Client’s TrusStore.
keytool -importcert -file server.cer -keystore clienttruststore -storepass eal0o3GT

# vi jmsremote.access
admin readwrite
guest readonly

# vi jmsremote.password
admin xKxska4Y
guest rVzgxi8s

# only program runner can access the password file
chmod 600 jmsremote.password


mv clientkeystore /mnt/c/Archive/JMX/
mv clienttruststore /mnt/c/Archive/JMX/

# Program Parameters
-Dcom.sun.management.jmxremote.port=51661 \
-Dcom.sun.management.jmxremote.authenticate=true \
-Dcom.sun.management.jmxremote.password.file=/home/hw/keystore/jmxremote.password \
-Dcom.sun.management.jmxremote.access.file=/home/hw/keystore/jmxremote.access \
-Dcom.sun.management.jmxremote.ssl=true \
-Dcom.sun.management.jmxremote.ssl.need.client.auth=true \
-Dcom.sun.management.jmxremote.registry.ssl=true \
-Djavax.net.ssl.keyStore=/home/hw/keystore/serverkeystore \
-Djavax.net.ssl.keyStorePassword=uSMi1NHi \
-Djavax.net.ssl.trustStore=/home/hw/keystore/servertruststore \
-Djavax.net.ssl.trustStorePassword=nGlkLaU9 \

#----------- Windows Side ----------------#

jconsole -J-Djavax.net.ssl.keyStore=C:\Archive\JMX\clientkeystore -J-Djavax.net.ssl.keyStorePassword=yCacyr6a -J-Djavax.net.ssl.trustStore=C:\Archive\JMX\clienttruststore -J-Djavax.net.ssl.trustStorePassword=eal0o3GT

10.213.21.88:51661
admin xKxska4Y