All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

JMS Messaging Modular Input: How to call a data input that uses SSL Splunk?

jgomez2011
Explorer
‎09-19-2014 01:17 PM

We have installed the 'JMS Messaging Modular Input' application in Splunk 6.1. It works fine if the 'JNDI Provider URL' is non SSL such as:
tcp://localhost:61617

When we change our broker to use SSL i.e. ssl://localhost:61617, Splunk throws an exception, since it cannot find the broker's certificate

This is the exception:

message from "python C:\Splunk\etc\apps\jms_ta\bin\jms.py" Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
message from "python C:\Splunk\etc\apps\jms_ta\bin\jms.py" at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
message from "python C:\Splunk\etc\apps\jms_ta\bin\jms.py" at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
message from "python C:\Splunk\etc\apps\jms_ta\bin\jms.py" at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
message from "python C:\Splunk\etc\apps\jms_ta\bin\jms.py" at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
message from "python C:\Splunk\etc\apps\jms_ta\bin\jms.py" at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
message from "python C:\Splunk\etc\apps\jms_ta\bin\jms.py" at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
message from "python C:\Splunk\etc\apps\jms_ta\bin\jms.py" at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
message from "python C:\Splunk\etc\apps\jms_ta\bin\jms.py" at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
message from "python C:\Splunk\etc\apps\jms_ta\bin\jms.py" at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
message from "python C:\Splunk\etc\apps\jms_ta\bin\jms.py" at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
message from "python C:\Splunk\etc\apps\jms_ta\bin\jms.py" at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702)
message from "python C:\Splunk\etc\apps\jms_ta\bin\jms.py" at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)

I really can't find any documentation in Splunk that explains how to import the broker's certificate into Splunk's environment. All I see is the instructions on how to set up SSL between Splunk's nodes.

Has anyone been able work through this before or found a guide on how to set this up?

Thank you in advance.

-Juan

Reply
1 Solution
Solved! Jump to solution
Solution

Damien_Dallimor
Ultra Champion
‎09-19-2014 01:48 PM

I really can't find any documentation
in Splunk that explains how to import
the broker's certificate into Splunk's
environment. All I see is the
instructions on how to set up SSL
between Splunk's nodes.

This is nothing to do with core Splunk configuration. You are using the JMS Messaging Modular Input , so typically you would set JVM system properties for SSL client settings. Available properties are Googleable.

javax.net.ssl.keyStore

This property is used to specify the location of the key store. A key store is a database of key material that are used for various purposes, including authentication and data integrity. This property takes a String value. Any valid key store location can be assigned to this property. The default value is NULL.

javax.net.ssl.keyStoreType

This property denotes the type of the key store. It takes a String value. Any valid key store type supported by SSL can be assigned to this property. The default value is KeyStore.getDefaultValue().

javax.net.ssl.keyStorePassword

This property specifies the password of the key store. This password value is used to check the integrity of the data in the key store before accessing it. This property takes a String value. It does not have a default value.

javax.net.ssl.trustStore

This property is used to specify the location of the trust store. A trust store is a key store that is used when making decisions about which clients and servers can be trusted. The property takes a String value that specifies a valid trust store location. The default value is jssecacerts, if available, or cacerts.

javax.net.ssl.trustStoreType

This property denotes the type of the trust store. It takes a String value. Any valid trust store type supported by SSL can be assigned to this property. The default value is TrustStore.getDefaultValue().

javax.net.ssl.trustStorePassword

This property is used to set the password for the trust store. The trust store password is used to check the integrity of the data in the trust store before accessing it. The property takes a String value. It does not have any default value.

In the setup for your JMS stanza there is a field for entering these.

-Djavax.net.ssl.keyStore=somepath,-Djavax.net.ssl.keyStoreType=sometype, .......

alt text

View solution in original post

Preview file
1 KB
Reply
Solved! Jump to solution
Solution

Damien_Dallimor
Ultra Champion
‎09-19-2014 01:48 PM

I really can't find any documentation
in Splunk that explains how to import
the broker's certificate into Splunk's
environment. All I see is the
instructions on how to set up SSL
between Splunk's nodes.

This is nothing to do with core Splunk configuration. You are using the JMS Messaging Modular Input , so typically you would set JVM system properties for SSL client settings. Available properties are Googleable.

javax.net.ssl.keyStore

This property is used to specify the location of the key store. A key store is a database of key material that are used for various purposes, including authentication and data integrity. This property takes a String value. Any valid key store location can be assigned to this property. The default value is NULL.

javax.net.ssl.keyStoreType

This property denotes the type of the key store. It takes a String value. Any valid key store type supported by SSL can be assigned to this property. The default value is KeyStore.getDefaultValue().

javax.net.ssl.keyStorePassword

This property specifies the password of the key store. This password value is used to check the integrity of the data in the key store before accessing it. This property takes a String value. It does not have a default value.

javax.net.ssl.trustStore

This property is used to specify the location of the trust store. A trust store is a key store that is used when making decisions about which clients and servers can be trusted. The property takes a String value that specifies a valid trust store location. The default value is jssecacerts, if available, or cacerts.

javax.net.ssl.trustStoreType

This property denotes the type of the trust store. It takes a String value. Any valid trust store type supported by SSL can be assigned to this property. The default value is TrustStore.getDefaultValue().

javax.net.ssl.trustStorePassword

This property is used to set the password for the trust store. The trust store password is used to check the integrity of the data in the trust store before accessing it. The property takes a String value. It does not have any default value.

In the setup for your JMS stanza there is a field for entering these.

-Djavax.net.ssl.keyStore=somepath,-Djavax.net.ssl.keyStoreType=sometype, .......

alt text

Preview file
1 KB
Reply
Solved! Jump to solution

jgomez2011
Explorer
‎09-22-2014 08:36 AM

Thank you for pointing the JVM Properties out. I was able to solve the issue with your suggestion.

When specifying the properties the following worked:

javax.net.ssl.keyStore=pathto\client.ks,javax.net.ssl.keyStorePassword=xxxxx,javax.net.ssl.trustStore=pathto\client.ts

Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...