Skip to content

CAUTION: This site hosts draft documentation for the next release. For published content of the latest release, visit

-XX:JITServerSSLCert / -XX:JITServerSSLKey / -XX:JITServerSSLRootCerts

Options for encrypting network communication between JITServer servers and JITServer client VMs.



The files must all be in .pem file format.

Setting Effect Default
-XX:JITServerSSLCert Set server's SSL certificate None
-XX:JITServerSSLKey Set server's SSL key None
-XX:JITServerSSLRootCerts Set client's SSL root certificate None


You can encrypt network communication by using OpenSSL 1.0.x, 1.1.x, or 3.x. To enable encryption, specify the private key (<key>.pem) and the certificate (<cert>.pem) at the server:

-XX:JITServerSSLKey=<key>.pem -XX:JITServerSSLCert=<cert>.pem

and use the certificate at the client:


You must specify all three options for the client to be able to connect to the server. If the client cannot connect, it is forced to perform all compilations locally instead.

For more details and further discussion about security considerations, see the blog post Free your JVM from the JIT with JITServer Technology.

See also