
SSL/TLS for the Platform JMX Connector


System properties for SSL/TLS

To enable SSL/TLS on the platform JMX connector, you need to set the following system properties in the environment (see also Configuring JSSE System Properties):

A boolean property, which must be set to true to enable SSL/TLS on the JMX endpoint.

Specifies the location of the key store containing the broker's own X.509 certificate.

Specifies the password that unlocks the key store and decrypts the private key stored in the key store.


It is not possible to enable SSL/TLS security without JMX remote authentication. JMX remote authentication is a prerequisite for enabling SSL/TLS on the JMX port.

Enable SSL/TLS

Modify the activemq[.bat] startup script in the ACTIVEMQ_BASE/bin/ directory, as appropriate for your platform:


Search the activemq.bat script for SUNJMX and replace the lines you find with the following lines:

set SUNJMX=%SUNJMX%\conf\jmx.password
set SUNJMX=%SUNJMX%\conf\jmx.access
set SUNJMX=%SUNJMX%\conf\broker.ks

Search the activemq script for ACTIVEMQ_SUNJMX_START and replace the lines you find with the following lines:


If you have already enabled JMX remote authentication (as described in Authentication for the Platform JMX Connector) the changes that you need to make here are to enable SSL, by setting to true, and to add the keyStore and keyStorePassword settings as shown.
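As an added example (not part of the original page or of the ActiveMQ scripts), the following POSIX shell functions audit a JVM option string, such as the one the startup script builds, for the settings this section requires. It assumes the standard JDK and JSSE property names (`com.sun.management.jmxremote.*`, `javax.net.ssl.keyStore`, `javax.net.ssl.keyStorePassword`); the function names and the port, paths and password in the samples are constructed.

```shell
#!/bin/sh
# Added example: audit the JVM options a startup script puts in SUNJMX /
# ACTIVEMQ_SUNJMX_START. Property names are the standard JDK/JSSE ones.

# get_prop OPTS NAME: print the value of the last -DNAME=value token in OPTS.
# Runs in a subshell with globbing off; values containing spaces are not handled.
get_prop() (
    set -f
    val=""
    for tok in $1; do
        case "$tok" in "-D$2="*) val="${tok#*=}" ;; esac
    done
    printf '%s' "$val"
)

# audit_jmx_opts OPTS: print one finding per line; return 0 only if none FAIL.
audit_jmx_opts() {
    _p="com.sun.management.jmxremote"; _fail=0
    if [ "$(get_prop "$1" "$_p.ssl")" != "true" ]; then
        echo "FAIL: $_p.ssl is not set to true"; _fail=1
    fi
    # Authentication is a prerequisite for SSL/TLS on the JMX port.
    if [ "$(get_prop "$1" "$_p.authenticate")" = "false" ]; then
        echo "FAIL: $_p.authenticate=false"; _fail=1
    fi
    for _name in "$_p.password.file" "$_p.access.file" \
                 javax.net.ssl.keyStore javax.net.ssl.keyStorePassword; do
        if [ -z "$(get_prop "$1" "$_name")" ]; then
            echo "FAIL: $_name is missing"; _fail=1
        fi
    done
    if [ -n "$(get_prop "$1" javax.net.ssl.keyStorePassword)" ]; then
        echo "NOTE: keyStorePassword given as -D is visible in the process list"
    fi
    return "$_fail"
}

# Constructed samples: port, paths and password are placeholders.
D="-Dcom.sun.management.jmxremote"
GOOD_OPTS="$D.port=1099 $D.ssl=true $D.password.file=conf/jmx.password"
GOOD_OPTS="$GOOD_OPTS $D.access.file=conf/jmx.access"
GOOD_OPTS="$GOOD_OPTS -Djavax.net.ssl.keyStore=conf/broker.ks"
GOOD_OPTS="$GOOD_OPTS -Djavax.net.ssl.keyStorePassword=CHANGEME"
BAD_OPTS="$D.port=1099 $D.ssl=false $D.authenticate=false"

audit_jmx_opts "$GOOD_OPTS" && echo "good sample: OK"
audit_jmx_opts "$BAD_OPTS" || echo "bad sample: fix the FAIL lines first"
```

Because the key store password is passed as a system property, restrict read access to the startup script and to the key store file itself.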

Test the secure connection

To test the secure platform JMX connector, perform the following steps:

  1. Start up the standalone broker. Open a new command prompt and run the startup script, as follows:

  2. Start up the JConsole with the required SSL/TLS client settings, as follows:


    Where the jconsole command uses the standard JSSE system properties to specify the relevant client trust store (see Configuring JSSE System Properties for details).


    Don't forget the -J switch, which passes the options through to the underlying Java virtual machine (JVM).

  3. You should be able to connect to the JVM platform JMX connector using the following JMX URL:


    Where you substitute Hostname with the name of the host where the broker is running.

    When the JConsole: New Connection dialog pops up, enter the preceding JMX URL in the Remote Process: field, and enter the credentials for one of the JMX users in the Username and Password fields, as shown. Click Connect.
