Limitations of the "config import-java" command
CLC can import a limited subset of Hazelcast client XML configuration using the config import-java command. However, configuration features that depend on Java-specific XML features, such as replacers, are not supported. See the CLC Documentation for further information. The recommended workaround is to remove any use of, or references to, variable replacers in your config file.
CLC fails to connect when client passwords are used
As a workaround, you can either:
-
Use the original Management Center Console
-
Not use username/password auth on Hazelcast Platform
| mTLS can be supported to maintain a secure cluster. |
CLC does not connect when security certificates are missing
Management Center’s embedded CLC does not connect when the security certificates are missing. Ensure that the correct security certificates are included.
CLC cannot use keystores/truststores that use JKS
CLC can only use PEM files for SSL certificates. As a workaround, you can either:
-
Enable the original Management Center console, which runs directly on the members (and therefore does not require a TLS certificate) by setting
hazelcast.mc.original.console.enabledto true. -
Convert your JKS certs to PEM. For more information, see Configuring Hazelcast for OpenSSL. Note that:
-
If you use trustStore, using the
trustStoreproperty is not recommended — usetrustCertCollectionFileinstead. -
If you use keyStore, using the
keyStoreproperty is not recommended — usekeyFileandkeyCertChainFileinstead. If you must use it, then it must be converted to PKCS12. -
To convert from JKS to PEM:
-
# Convert JKS file into PKCS12
keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.p12 -srcstoretype JKS -deststoretype PKCS12
# Convert PKCS12 file to PEM
openssl pkcs12 -in keystore.p12 -out keystore.pem