This is OPTIONAL procedure. If you want Java Management Extension (JMX) debugging offered by AppDefense Appliance to be encrypted, you can secure Java Management Extension (JMX) by setting up SSL (Secure Sockets Layer). To enable SSL encryption for JMX, you must create SSL certificates and then configure JMX for an individual AppDefense Appliance service.

Procedure

  1. You must install a certificate and configure SSL on the system that you want to use for remote debugging. For more information, refer to the Java Documentation.
    1. To set up SSL, generate a key pair with the keytool -genkey command.
    2. Request a signed certificate from a certificate authority (CA) with the keytool -certreq command.
    3. Import the certificate into your keystore with the keytool -import command.
  2. Configure JMX for individual services as follows.
    1. Find and open the run.sh file at /opt/vmware/appdefense/<service-name>/bin/run.sh, where <service-name> is the name of the particular service. For example, appliance-management-service.
    2. To enable client SSL authentication, set the system property value as true for the -Dcom.sun.management.jmxremote.ssl=true parameter.
      After this property is set to true, to have full security, you must also enable SSL client authentication. The default value of this property is false.
  3. Restart the services, so that SSL is readily available when the JMX client wants to connect to the services.

    To restart services individually, use the systemctl restart <service-name> command. For example,

    systemctl restart appdefense-appliance-management-service

    To restart all the AppDefense services, use the systemctl restart appdefense-* command.