Secure JMX with TLS Encryption


How to Secure JMX with Basic Auth (username:password) and TLS Encryption/Authentication


First setup JMX with basic auth as shown in the Secure JMX: Basic Auth page.

To enable TLS Encryption/Authentication in JMX you need a jks keystore and truststore.

Please note that both JKS Truststore and Keystore should have the same password.

The reason for this is because the class will use the password you pass to the Keystore as the keypassword

Let’s assume this java process is Kafka and that you have installed the keystore.jks and truststore.jks under `/etc/certs``

Export the following options in the user’s env which will run Kafka.

export BROKER_JMX_OPTS= " \ \ \
  -Djava.rmi.server.hostname= \ \ \ \ \ \ \ \ \ \