Splunk JMS Modular Input broker cannot find truste...

rkcullen · ‎11-03-2016

I've installed the JMS Modular input 1.5.1. My system connects to a broker vial SSL but I cannot resolve this problem. The error in the logs from the client is:
"message from "python /opt/splunk/etc/apps/jms_ta/binjms.py" Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

The error from the broker is : javax.net.ssl.SSLHandshakeException:Received fatal alert: certificate_unknown

From this I believe that the trustStore certificate is not being found in the jndi user properties. The certificate works with other implementations

Here is the stanza in my input.conf:
[jms://topic/dynamicTopics/domain.mytopic]
browse_queue_only = 0
durable = 0
heo_batch_mode = 0
heo_https = 0
index_message_header = 0
index_message_properties = 0
init_mode = jndi
jms_connection_factory_name = ConnectionFactory
jndi_initialcontext_factory = org.apache.activemq.jndi.ActiveMQIntialContextFactory
jndi_provider_url = ssl://127.0.0.1:7220
output_type = stdout
sourcetype = _json
strip_newlines = 1
jndi_pass = abc
jndi_user = _abc
index = main
browse_mode = all
user_jndi_properties = javax.net.ssl.keyStore=/opt/splunk/keystore.jks,javax.net.ssl.keyStorePassword=changeit,javax.net.ssl.trustStore=/etc/pki/tls/certs/allTrustedPartners.jks,javax.net.ssl.trustStorePassword=Changeit1

Damien_Dallimor · ‎11-03-2016

Rather than :

user_jndi_properties = javax.net.ssl.keyStore=/opt/splunk/keystore.jks,javax.net.ssl.keyStorePassword=changeit,javax.net.ssl.trustStore=/etc/pki/tls/certs/allTrustedPartners.jks,javax.net.ssl.trustStorePassword=Changeit1

Try:

jvm_system_properties = javax.net.ssl.keyStore=/opt/splunk/keystore.jks,javax.net.ssl.keyStorePassword=changeit,javax.net.ssl.trustStore=/etc/pki/tls/certs/allTrustedPartners.jks,javax.net.ssl.trustStorePassword=Changeit1

rkcullen · ‎11-04-2016

I made this change but the error persists:

ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/binjms.py" Caused by: sun.security.provider.certpath.SunCertPathBuilderExcedption: unable to find valid certification path to requested target

Damien_Dallimor · ‎11-04-2016

What is your latest inputs.conf ?

Do you have more logs to show around that exception ?

rkcullen · ‎11-04-2016

Updated inputs.conf

[jms://topic/dynamicTopics/domain.mytopic]
browse_queue_only = 0
durable = 0
heo_batch_mode = 0
heo_https = 0
index_message_header = 0
index_message_properties = 0
init_mode = jndi
jms_connection_factory_name = ConnectionFactory
jndi_initialcontext_factory = org.apache.activemq.jndi.ActiveMQIntialContextFactory
jndi_provider_url = ssl://127.0.0.1:7220
output_type = stdout
sourcetype = _json
strip_newlines = 1
jndi_pass = abc
jndi_user = _abc
index = main
browse_mode = all
jms_system_properties = javax.net.ssl.keyStore=/opt/splunk/keystore.jks,javax.net.ssl.keyStorePassword=changeit,javax.net.ssl.trustStore=/etc/pki/tls/certs/allTrustedPartners.jks,javax.net.ssl.trustStorePassword=Changeit1

Stack trace:
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/binjms.py" Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/binjms.py" at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/binjms.py" at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/binjms.py" at sun.security.validator.Validator.validate(Validator.java:260)
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/binjms.py" at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/binjms.py" at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/binjms.py" at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/binjms.py" ... 22 more
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/binjms.py" Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

hunderliggur · ‎11-10-2016

I have worked on this also. It almost appears like:

jms_system_properties = javax.net.ssl.keyStore=/opt/splunk/keystore.jks,javax.net.ssl.keyStorePassword=changeit,javax.net.ssl.trustStore=/etc/pki/tls/certs/allTrustedPartners.jks,javax.net.ssl.trustStorePassword=Changeit1

is NOT being processed by the JMS App. File permissions and ownership have been verified as accessible for the Splunk application. Other attributes do appear to be processed, just not this one. We made a Java stand alone app with the same settings and that does work.

Splunk JMS Modular Input broker cannot find trusted certificate

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation