Forum Discussion

Keimond's avatar
Icon for Neophyte rankNeophyte
4 years ago

Tomcat/JMX monitoring with SSL

Has anyone enabled SSL on JMX and gotten it to work ?

Following directions on Tomcat | LogicMonitor, I can make it work with authentication but ""

If I set that to true I'm getting 
Fail to get the jmx result - java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is: Received fatal alert: handshake_failure"

I have also tried to pass "" and "" with no luck.

SSL to my web page (using the same keystore) works fine so I would assume that the file is ok.. the only item I see in the catalina.out log that might have something that helps  ?
"03-May-2021 12:18:05.238 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent The Apache Tomcat Native library which allows using OpenSSL was not found on the java.library.path: [/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib]"

3 Replies

  • Anonymous's avatar

    Definitely something to take up with support, if you haven't already.

  • Thanks I have reached out to support for their suggestions!

  • So I gave up on SSL as it turns out the behavior is not what I thought it was and we do not need it. I do have it working great with authentication which is all I need.

    Now I just have to figure out why our test server works and our production server doesn't !

    my file sources a file set up by ansible...

    CATALINA_OPTS=" \{{ jira_lm_jmxport }} \ \ \{{ jira_lm_jmxpath }}/jmxremote.password \{{ jira_lm_jmxpath }}/jmxremote.access \
    -Djava.rmi.server.hostname={{ ansible_default_ipv4.address }}"

    I've run tcpdump on the production server and wireshark back on my windows collector and verified that the two are in fact talking to each other on the jira_lm_jmxport

    The error indicates that it's timing out. I tried increasing the timeout for jmx on the collector and was still getting a timeout but perhaps I need to try longer...

    On Friday I'll be restarting the service after adding these two lines to see if that helps after reading some posts
 {{ jira_lm_jmxport }} \ \