LibraryToggle FramesPrintFeedback

To enable SSL/TLS on the platform JMX connector, you need to set the following system properties in the environment (see also Configuring JSSE System Properties):

A boolean property, which must be set to true to enable SSL/TLS on the JMX endpoint.

Specifies the location of the key store containing the broker's own X.509 certificate.

Specifies the password that unlocks the key store and decrypts the private key stored in the key store.


It is not possible to enable SSL/TLS security without JMX remote authentication. JMX remote authentication is a prerequisite for enabling SSL/TLS on the JMX port.

Modify the activemq[.bat] startup script in the ACTIVEMQ_BASE/bin/ directory, as appropriate for your platform:

If you have already enabled JMX remote authentication (as described in Authentication for the Platform JMX Connector) the changes that you need to make here are to enable SSL, by setting to true, and to add the keyStore and keyStorePassword settings as shown.

To test the secure platform JMX connector, perform the following steps:

  1. Start up the standalone broker. Open a new command prompt and run the startup script, as follows:

  2. Start up the JConsole with the required SSL/TLS client settings, as follows:


    Where the jconsole command uses the standard JSSE system properties to specify the relevant client trust store (see Configuring JSSE System Properties for details).


    Don't forget the -J switch, which passes the options through to the underlying Java virtual machine (JVM).

  3. You should be able to connect to the JVM platform JMX connector using the following JMX URL:


    Where you substitute Hostname with the name of the host where the broker is running.

    When the JConsole: New Connection dialog pops up, enter the preceding JMX URL in the Remote Process: field, and enter the credentials for one of the JMX users in the Username and Password fields, as shown. Click Connect.

Comments powered by Disqus
loading table of contents...