I've installed the JMS Modular input 1.5.1. My system connects to a broker via SSL but I cannot resolve this problem. The error in the logs from the client is:
"message from "python /opt/splunk/etc/apps/jms_ta/binjms.py" Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The error from the broker is: javax.net.ssl.SSLHandshakeException:Received fatal alert: certificate_unknown
From this I believe that the trustStore certificate is not being found in the jndi user properties. The certificate works with other implementations.
Here is the stanza in my inputs.conf:
[jms://topic/dynamicTopics/domain.mytopic]
browse_queue_only = 0
durable = 0
heo_batch_mode = 0
heo_https = 0
index_message_header = 0
index_message_properties = 0
init_mode = jndi
jms_connection_factory_name = ConnectionFactory
jndi_initialcontext_factory = org.apache.activemq.jndi.ActiveMQIntialContextFactory
jndi_provider_url = ssl://127.0.0.1:7220
output_type = stdout
sourcetype = _json
strip_newlines = 1
jndi_pass = abc
jndi_user = _abc
index = main
browse_mode = all
user_jndi_properties = javax.net.ssl.keyStore=/opt/splunk/keystore.jks,javax.net.ssl.keyStorePassword=changeit,javax.net.ssl.trustStore=/etc/pki/tls/certs/allTrustedPartners.jks,javax.net.ssl.trustStorePassword=Changeit1
Rather than:
user_jndi_properties = javax.net.ssl.keyStore=/opt/splunk/keystore.jks,javax.net.ssl.keyStorePassword=changeit,javax.net.ssl.trustStore=/etc/pki/tls/certs/allTrustedPartners.jks,javax.net.ssl.trustStorePassword=Changeit1
Try:
jvm_system_properties = javax.net.ssl.keyStore=/opt/splunk/keystore.jks,javax.net.ssl.keyStorePassword=changeit,javax.net.ssl.trustStore=/etc/pki/tls/certs/allTrustedPartners.jks,javax.net.ssl.trustStorePassword=Changeit1
I made this change but the error persists:
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/binjms.py" Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
What is your latest inputs.conf?
Do you have more logs to show around that exception?
Updated inputs.conf
[jms://topic/dynamicTopics/domain.mytopic]
browse_queue_only = 0
durable = 0
heo_batch_mode = 0
heo_https = 0
index_message_header = 0
index_message_properties = 0
init_mode = jndi
jms_connection_factory_name = ConnectionFactory
jndi_initialcontext_factory = org.apache.activemq.jndi.ActiveMQIntialContextFactory
jndi_provider_url = ssl://127.0.0.1:7220
output_type = stdout
sourcetype = _json
strip_newlines = 1
jndi_pass = abc
jndi_user = _abc
index = main
browse_mode = all
jms_system_properties = javax.net.ssl.keyStore=/opt/splunk/keystore.jks,javax.net.ssl.keyStorePassword=changeit,javax.net.ssl.trustStore=/etc/pki/tls/certs/allTrustedPartners.jks,javax.net.ssl.trustStorePassword=Changeit1
Stack trace:
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/binjms.py" Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/binjms.py" at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/binjms.py" at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/binjms.py" at sun.security.validator.Validator.validate(Validator.java:260)
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/binjms.py" at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/binjms.py" at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/binjms.py" at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/binjms.py" ... 22 more
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/binjms.py" Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I have worked on this also. It almost appears like:
jms_system_properties = javax.net.ssl.keyStore=/opt/splunk/keystore.jks,javax.net.ssl.keyStorePassword=changeit,javax.net.ssl.trustStore=/etc/pki/tls/certs/allTrustedPartners.jks,javax.net.ssl.trustStorePassword=Changeit1
is NOT being processed by the JMS App. File permissions and ownership have been verified as accessible for the Splunk application. Other attributes do appear to be processed, just not this one. We made a stand-alone Java app with the same settings and that does work.
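Added example, not part of the thread or of the JMS Modular Input's own code: a small check that reports which inputs.conf setting carries the javax.net.ssl.* store properties and whether its key matches the one suggested in the reply. It assumes `jvm_system_properties` (the name given in the reply) is the key the app reads; the stanza below is constructed from the settings posted above, with placeholder paths and passwords.

```python
import difflib

# Key name taken from the reply in this thread; assumed to be the one the app reads.
EXPECTED_KEY = "jvm_system_properties"
TLS_PREFIX = "javax.net.ssl."

# Constructed sample modelled on the posted stanzas (placeholder paths/passwords).
SAMPLE_STANZA = """[jms://topic/dynamicTopics/domain.mytopic]
init_mode = jndi
jndi_provider_url = ssl://127.0.0.1:7220
user_jndi_properties = javax.net.ssl.trustStore=/tmp/a.jks,javax.net.ssl.trustStorePassword=example
jms_system_properties = javax.net.ssl.trustStore=/tmp/a.jks,javax.net.ssl.trustStorePassword=example
"""

def parse_stanza(text):
    """Return {key: value} for 'key = value' lines, skipping headers and comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "[")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def tls_property_names(value):
    """Split 'a=b,c=d' and return the javax.net.ssl.* names (never the values)."""
    names = []
    for pair in value.split(","):
        name, sep, _ = pair.partition("=")
        if sep and name.strip().startswith(TLS_PREFIX):
            names.append(name.strip())
    return sorted(names)

def audit(text, expected_key=EXPECTED_KEY):
    """List (key, status, property names) for every setting holding TLS store properties."""
    findings = []
    for key, value in parse_stanza(text).items():
        names = tls_property_names(value)
        if not names:
            continue
        # "near-miss": key is a close misspelling of the expected one and would be ignored.
        near = difflib.get_close_matches(key, [expected_key], n=1, cutoff=0.8)
        status = "ok" if key == expected_key else "near-miss" if near else "other-key"
        findings.append((key, status, names))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_STANZA):
        print(finding)
```

A "near-miss" or "other-key" result means the trustStore setting sits under a key other than the expected one, which would leave the JVM on its default truststore and is consistent with the PKIX path building failure in the stack trace.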