search cancel

Qualsys scans showing clear text authentication on DA and DC

book

Article ID: 242868

calendar_today

Updated On:

Products

CA Performance Management - Usage and Administration

Issue/Introduction

This is the error text that I get for the aggregator only. I have something similar  with the Data Collectors.

JMX Server Allows Clear Text Authentication is detected. caprfmgt 1169 1.6 7.2 6979220 1172176 ? Sl May25 95:56 /apps/CA/IMDataAggregator/jre/bin/java -Xms1589M -Xmx3177M -Xmn794M -server -XX:SurvivorRatio=6 -XX:+UseConcMarkSweepGC -XX:+UseParNewGC -XX:TargetSurvivorRatio=90 -XX:InitialTenuringThreshold=15 -XX:MaxTenuringThreshold=15 -XX:+ScavengeBeforeFullGC -XX:+ExplicitGCInvokesConcurrent -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+CMSClassUnloadingEnabled -XX:OnOutOfMemoryError=/apps/CA/IMDataAggregator/scripts/activemq stop -Dcom.sun.management.jmxremote.port=11099 -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.password.file=/apps/CA/IMDataAggregator/broker/apache-activemq-5.15.8/conf/jmx.password -Dcom.sun.management.jmxremote.access.file=/apps/CA/IMDataAggregator/broker/apache-activemq-5.15.8/conf/jmx.access -Djava.util.logging.config.file=logging.properties -Djava.security.auth.login.config=/apps/CA/IMDataAggregator/broker/apache-activemq-5.15.8/conf/login.config -Dcom.sun.management.jmxremote -Djava.awt.headless=true -Djava.io.tmpdir=/apps/CA/IMDataAggregator/broker/apache-activemq-5.15.8//tmp -Dactivemq.classpath=/apps/CA/IMDataAggregator/broker/apache-activemq-5.15.8//conf:/apps/CA/IMDataAggregator/broker/apache-activemq-5.15.8//../lib/: -Dactivemq.home=/apps/CA/IMDataAggregator/broker/apache-activemq-5.15.8/ -Dactivemq.base=/apps/CA/IMDataAggregator/broker/apache-activemq-5.15.8/ -Dactivemq.conf=/apps/CA/IMDataAggregator/broker/apache-activemq-5.15.8//conf -Dactivemq.data=/apps/CA/IMDataAggregator/broker/apache-activemq-5.15.8//data -jar /apps/CA/IMDataAggregator/broker/apache-activemq-5.15.8//bin/activemq.jar start caprfmgt 1191 12.1 64.8 14004464 10484180 ? Sl May25 709:34 /apps/CA/IMDataAggregator/jre/bin/java -Xms2048M -Xmx9531M -server -Xms2048M -Xmx9531M -XX:+UnlockDiagnosticVMOptions -XX:+UnsyncloadClass -Dcom.sun [TRUNCATED 1807 Characters]

 

Environment

Dx NetOps Performance Management 21.2

Resolution

21.2.11 has added JMX SSL and encrypting password in jmx.password.

 

We have updated the DA sslConfig.sh to enable JMX SSL.  We also added a sslConfig.sh to DC to configure DC https and JMX SSL at same time.

 

During the 21.2.11 upgrade the DA will secure JMX SSL if DA is running HTTPS.