-XX:JITServerSSLCert / -XX:JITServerSSLKey / -XX:JITServerSSLRootCerts
Options for encrypting network communication between JITServer servers and JITServer client VMs.
Syntax
-XX:JITServerCert=<cert_file>
-XX:JITServerKey=<key_file>
-XX:JITServerSSLRootCerts=<root_certs_file>
The files must all be in .pem file format.
| Setting | Effect | Default |
|---|---|---|
-XX:JITServerSSLCert |
Set server's SSL certificate | None |
-XX:JITServerSSLKey |
Set server's SSL key | None |
-XX:JITServerSSLRootCerts |
Set client's SSL root certificate | None |
Explanation
You can encrypt network communication by using OpenSSL 1.0.x, 1.1.x, or 3.x. To enable encryption, specify the private key (<key>.pem) and the certificate (<cert>.pem) at the server:
-XX:JITServerSSLKey=<key>.pem -XX:JITServerSSLCert=<cert>.pem
and use the certificate at the client:
-XX:JITServerSSLRootCerts=<cert>.pem
You must specify all three options for the client to be able to connect to the server. If the client cannot connect, it is forced to perform all compilations locally instead.
For more details and further discussion about security considerations, see the blog post Free your JVM from the JIT with JITServer Technology.