search cancel

Qualsys scans showing clear text authentication on DA and DC

book

Article ID: 242868

calendar_today

Updated On:

Products

CA Performance Management - Usage and Administration

Issue/Introduction

This is the error text that I get for the aggregator only. I have something similar  with the Data Collectors.

JMX Server Allows Clear Text Authentication is detected. caprfmgt 1169 1.6 7.2 6979220 1172176 ? Sl May25 95:56 /apps/CA/IMDataAggregator/jre/bin/java -Xms1589M -Xmx3177M -Xmn794M -server -XX:SurvivorRatio=6 -XX:+UseConcMarkSweepGC -XX:+UseParNewGC -XX:TargetSurvivorRatio=90 -XX:InitialTenuringThreshold=15 -XX:MaxTenuringThreshold=15 -XX:+ScavengeBeforeFullGC -XX:+ExplicitGCInvokesConcurrent -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+CMSClassUnloadingEnabled -XX:OnOutOfMemoryError=/apps/CA/IMDataAggregator/scripts/activemq stop -Dcom.sun.management.jmxremote.port=11099 -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.password.file=/apps/CA/IMDataAggregator/broker/apache-activemq-5.15.8/conf/jmx.password -Dcom.sun.management.jmxremote.access.file=/apps/CA/IMDataAggregator/broker/apache-activemq-5.15.8/conf/jmx.access -Djava.util.logging.config.file=logging.properties -Djava.security.auth.login.config=/apps/CA/IMDataAggregator/broker/apache-activemq-5.15.8/conf/login.config -Dcom.sun.management.jmxremote -Djava.awt.headless=true -Djava.io.tmpdir=/apps/CA/IMDataAggregator/broker/apache-activemq-5.15.8//tmp -Dactivemq.classpath=/apps/CA/IMDataAggregator/broker/apache-activemq-5.15.8//conf:/apps/CA/IMDataAggregator/broker/apache-activemq-5.15.8//../lib/: -Dactivemq.home=/apps/CA/IMDataAggregator/broker/apache-activemq-5.15.8/ -Dactivemq.base=/apps/CA/IMDataAggregator/broker/apache-activemq-5.15.8/ -Dactivemq.conf=/apps/CA/IMDataAggregator/broker/apache-activemq-5.15.8//conf -Dactivemq.data=/apps/CA/IMDataAggregator/broker/apache-activemq-5.15.8//data -jar /apps/CA/IMDataAggregator/broker/apache-activemq-5.15.8//bin/activemq.jar start caprfmgt 1191 12.1 64.8 14004464 10484180 ? Sl May25 709:34 /apps/CA/IMDataAggregator/jre/bin/java -Xms2048M -Xmx9531M -server -Xms2048M -Xmx9531M -XX:+UnlockDiagnosticVMOptions -XX:+UnsyncloadClass -Dcom.sun [TRUNCATED 1807 Characters]

 

Environment

Dx NetOps Performance Management 21.2

Resolution

21.2.11 has added JMX SSL and encrypting password in jmx.password.

 

We have updated the DA sslConfig.sh to enable JMX SSL.  We also added a sslConfig.sh to DC to configure DC https and JMX SSL at same time.

 

During the 21.2.11 upgrade the DA will secure JMX SSL if DA is running HTTPS.

Additional Information

For the securing of JMX to be complete, all Data Aggregators and Data Collectors need to be configured utilizing the sslConfig.sh script on that server.