Configuring secure JMX connection to the Liberty profile

You can access the secured Java™ Management Extensions (JMX) connectors on the Liberty profile by using SSL. The secured JMX connection is enabled by the Liberty profile feature restConnector-1.0.

1. Enable the REST connector using the following code in the server.xml file.

   <featureManager>
        <feature>restConnector-1.0</feature>
   </featureManager>

2. Configure SSL certificates in the server.xml file.
3. Configure a user or group to the administrator role in the server.xml file.
   • Map to the administrator role for the Liberty profile
4. Access the REST connector from a JMX client application or by using the jConsole tool provided in the Java SDK. Use -J flags to pass the system properties as Java options and set the class path to include the connector class files. The connector class files are packed in the clients/restConnector.jar file.
   • Use the following properties for SSL certificates:

     -J-Djavax.net.ssl.trustStore=<location of your client trust store>
     -J-Djavax.net.ssl.trustStorePassword=<password for the trust store>
     -J-Djavax.net.ssl.trustStoreType=<type of trust store>

     The following example shows the jConsole tool being used with SSL configurations:

     jconsole -J-Djava.class.path=%JAVA_HOME%/lib/jconsole.jar;
                                  %JAVA_HOME%/lib/tools.jar;
                                  %WLP_HOME%/clients/restConnector.jar
              -J-Djavax.net.ssl.trustStore=key.jks 
              -J-Djavax.net.ssl.trustStorePassword=Liberty 
              -J-Djavax.net.ssl.trustStoreType=jks

     After the jConsole starts, select Remote Process, and enter the JMX service URL: service:jmx:rest://<host>:<port>/IBMJMXConnectorREST. The port number is the HTTPS port. You must also provide the user name and password.
   Note:

   You can specify some JMX REST connection options as system properties. See Liberty profile: JMX REST connector settings.