Connecting JVisualVM to remote payara full instance w/ secure admin enabled?

Phillip Ross

unread,

Oct 6, 2017, 6:18:52 PM10/6/17

to Payara Forum

I can never remember the proper way to do this... but I'd like to connect JVisualVM to a remote payara server that is configured in secure admin mode.

The instance is in secure admin mode, and I can log into the admin GUI on port 4848 with a username (admin) and a password, but JVisualVM claims that it can't connect.

I'm using the following service name format with the 0.0.0.0 replaced with the IP address:

service:jmx:rmi://0.0.0.0:8686/jndi/rmi://0.0.0.0:8686/jmxrmi

Ondrej Mihályi

unread,

Oct 11, 2017, 6:35:11 AM10/11/17

to Phillip Ross, Payara Forum

To access a remote secured Payara Server over JMX, you have to use the SSL connection (which is the default).

For a SSL connection to work, you need to use the same SSL certificate as used in Payara Server. This certificate is not available in standard JDK, so you'll need to add the file keystore.jks in the domain directory to JVisualVM:

1. copy the file keystore.jks from the remote server to e.g. /payara/keystore.jks

2. run JVisualVM from command line using additional arguments to specify the truststore and a password to it

JVisualVM is built using Netbeans toolkit, so it's possible to pass system properties via -J-D argument.

The command line looks like this with the default password "changeit":

jvisualvm -J-Djavax.net.ssl.trustStore=/payara/keystore.jks -J-Djavax.net.ssl.trustStorePassword=changeit

That should do it - it works for me locally.

Regards,

Ondro

--
You received this message because you are subscribed to the Google Groups "Payara Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to payara-forum+unsubscribe@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/payara-forum/bab6ea33-d004-4ac0-918b-bdec421ed97d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Phillip Ross

unread,

Oct 11, 2017, 2:11:19 PM10/11/17

to Payara Forum

I think this is exactly what I was looking for. I'll try it out. thanks!

On Wednesday, October 11, 2017 at 6:35:11 AM UTC-4, Ondro Mihályi wrote:

To access a remote secured Payara Server over JMX, you have to use the SSL connection (which is the default).

For a SSL connection to work, you need to use the same SSL certificate as used in Payara Server. This certificate is not available in standard JDK, so you'll need to add the file keystore.jks in the domain directory to JVisualVM:

1. copy the file keystore.jks from the remote server to e.g. /payara/keystore.jks
2. run JVisualVM from command line using additional arguments to specify the truststore and a password to it

JVisualVM is built using Netbeans toolkit, so it's possible to pass system properties via -J-D argument.
The command line looks like this with the default password "changeit":

jvisualvm -J-Djavax.net.ssl.trustStore=/payara/keystore.jks -J-Djavax.net.ssl.trustStorePassword=changeit

That should do it - it works for me locally.

Regards,
Ondro

2017-10-07 0:18 GMT+02:00 Phillip Ross <phillip....@gmail.com>:

I can never remember the proper way to do this... but I'd like to connect JVisualVM to a remote payara server that is configured in secure admin mode.
The instance is in secure admin mode, and I can log into the admin GUI on port 4848 with a username (admin) and a password, but JVisualVM claims that it can't connect.

I'm using the following service name format with the 0.0.0.0 replaced with the IP address:
service:jmx:rmi://0.0.0.0:8686/jndi/rmi://0.0.0.0:8686/jmxrmi

--
You received this message because you are subscribed to the Google Groups "Payara Forum" group.

To unsubscribe from this group and stop receiving emails from it, send an email to payara-forum...@googlegroups.com.

Phillip Ross

unread,

Oct 14, 2017, 5:31:47 PM10/14/17

to Payara Forum

Copying down the keystore to the local machine and specify the keystore and it's password on the command line works, but it's not ideal :/

I also was trying to setup an ssh tunnel from the local machine to the remote machine but this doesn't seem to work. I used to do this with jconsole... connect to jmx port on 8686 over an ssh tunnel, but jvisualvm simply says it "Cannot connect to server" and gives me no way to troubleshoot.

Ondro Mihályi

unread,

Oct 20, 2017, 11:20:02 AM10/20/17

to Payara Forum

You can show the log of jVisualVM from the menu:

Help -> About -> Logfile

David Andrade

unread,

Oct 24, 2018, 2:39:04 PM10/24/18

to Payara Forum

Hi I create a BLOG with solution

https://ayudasdesarrollo.blogspot.com/2018/10/visualvm-payara5-remote-connection-rmi.html

Reply all

Reply to author

Forward