
Splunk JMS Modular Input broker cannot find trusted certificate

rkcullen
New Member

I've installed the JMS Modular input 1.5.1. My system connects to a broker via SSL but I cannot resolve this problem. The error in the logs from the client is:
"message from "python /opt/splunk/etc/apps/jms_ta/binjms.py" Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

The error from the broker is: javax.net.ssl.SSLHandshakeException:Received fatal alert: certificate_unknown

From this I believe that the trustStore certificate is not being found in the jndi user properties. The certificate works with other implementations.

Here is the stanza in my input.conf:
[jms://topic/dynamicTopics/domain.mytopic]
browse_queue_only = 0
durable = 0
heo_batch_mode = 0
heo_https = 0
index_message_header = 0
index_message_properties = 0
init_mode = jndi
jms_connection_factory_name = ConnectionFactory
jndi_initialcontext_factory = org.apache.activemq.jndi.ActiveMQIntialContextFactory
jndi_provider_url = ssl://127.0.0.1:7220
output_type = stdout
sourcetype = _json
strip_newlines = 1
jndi_pass = abc
jndi_user = _abc
index = main
browse_mode = all
user_jndi_properties = javax.net.ssl.keyStore=/opt/splunk/keystore.jks,javax.net.ssl.keyStorePassword=changeit,javax.net.ssl.trustStore=/etc/pki/tls/certs/allTrustedPartners.jks,javax.net.ssl.trustStorePassword=Changeit1

0 Karma

Damien_Dallimor
Ultra Champion

Rather than:

user_jndi_properties = javax.net.ssl.keyStore=/opt/splunk/keystore.jks,javax.net.ssl.keyStorePassword=changeit,javax.net.ssl.trustStore=/etc/pki/tls/certs/allTrustedPartners.jks,javax.net.ssl.trustStorePassword=Changeit1

Try:

jvm_system_properties = javax.net.ssl.keyStore=/opt/splunk/keystore.jks,javax.net.ssl.keyStorePassword=changeit,javax.net.ssl.trustStore=/etc/pki/tls/certs/allTrustedPartners.jks,javax.net.ssl.trustStorePassword=Changeit1
0 Karma

rkcullen
New Member

I made this change but the error persists:

ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/binjms.py" Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

0 Karma

Damien_Dallimor
Ultra Champion

What is your latest inputs.conf?

Do you have more logs to show around that exception?

0 Karma

rkcullen
New Member

Updated inputs.conf

[jms://topic/dynamicTopics/domain.mytopic]
browse_queue_only = 0
durable = 0
heo_batch_mode = 0
heo_https = 0
index_message_header = 0
index_message_properties = 0
init_mode = jndi
jms_connection_factory_name = ConnectionFactory
jndi_initialcontext_factory = org.apache.activemq.jndi.ActiveMQIntialContextFactory
jndi_provider_url = ssl://127.0.0.1:7220
output_type = stdout
sourcetype = _json
strip_newlines = 1
jndi_pass = abc
jndi_user = _abc
index = main
browse_mode = all
jms_system_properties = javax.net.ssl.keyStore=/opt/splunk/keystore.jks,javax.net.ssl.keyStorePassword=changeit,javax.net.ssl.trustStore=/etc/pki/tls/certs/allTrustedPartners.jks,javax.net.ssl.trustStorePassword=Changeit1

Stack trace:
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/binjms.py" Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/binjms.py" at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/binjms.py" at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/binjms.py" at sun.security.validator.Validator.validate(Validator.java:260)
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/binjms.py" at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/binjms.py" at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/binjms.py" at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/binjms.py" ... 22 more
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/binjms.py" Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

0 Karma

hunderliggur
Path Finder

I have worked on this also. It almost appears like:

jms_system_properties = javax.net.ssl.keyStore=/opt/splunk/keystore.jks,javax.net.ssl.keyStorePassword=changeit,javax.net.ssl.trustStore=/etc/pki/tls/certs/allTrustedPartners.jks,javax.net.ssl.trustStorePassword=Changeit1

is NOT being processed by the JMS App. File permissions and ownership have been verified as accessible for the Splunk application. Other attributes do appear to be processed, just not this one. We made a Java standalone app with the same settings and that does work.

0 Karma
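
Added example (not part of the original thread, and not the add-on's own code): the updated stanza above carries the key `jms_system_properties`, while the reply suggested `jvm_system_properties`. The lint below flags a near-miss key name, `javax.net.ssl.*` settings placed under the JNDI key, and a missing trust store setting. The two key names are taken from this thread and are assumed, not checked against the add-on's spec; the sample stanzas use constructed placeholder values.

```python
import difflib

# Key names as they appear in this thread (assumption: not the add-on's full spec).
JVM_KEY = "jvm_system_properties"
JNDI_KEY = "user_jndi_properties"
TLS_PREFIX = "javax.net.ssl."

def parse_stanza(text):
    """Return {key: value} for 'key = value' lines, skipping the [header]."""
    pairs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("[", "#")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        pairs[key.strip()] = value.strip()
    return pairs

def parse_props(value):
    """Split a comma-separated 'a=b,c=d' property list into a dict."""
    return dict(p.split("=", 1) for p in value.split(",") if "=" in p)

def lint(text):
    """Return (finding, key, suggested_key) tuples for one inputs.conf stanza."""
    findings = []
    stanza = parse_stanza(text)
    for key in stanza:
        if key in (JVM_KEY, JNDI_KEY):
            continue
        # A key that is almost, but not exactly, a property key is likely a typo.
        close = difflib.get_close_matches(key, [JVM_KEY, JNDI_KEY], n=1, cutoff=0.85)
        if close:
            findings.append(("near_miss_key", key, close[0]))
    # javax.net.ssl.* are JVM system properties, not JNDI environment entries.
    if any(k.startswith(TLS_PREFIX) for k in parse_props(stanza.get(JNDI_KEY, ""))):
        findings.append(("tls_props_under_jndi_key", JNDI_KEY, JVM_KEY))
    if TLS_PREFIX + "trustStore" not in parse_props(stanza.get(JVM_KEY, "")):
        findings.append(("no_truststore_property", JVM_KEY, None))
    return findings

# Constructed sample input: placeholder path and password, not values from the thread.
BASE = "[jms://topic/example]\ninit_mode = jndi\njndi_provider_url = ssl://127.0.0.1:7220\n"
PROPS = ("javax.net.ssl.trustStore=/path/to/truststore.jks,"
         "javax.net.ssl.trustStorePassword=placeholder")

if __name__ == "__main__":
    for key in ("user_jndi_properties", "jms_system_properties", "jvm_system_properties"):
        print(key, "->", lint(BASE + key + " = " + PROPS))
```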