All Apps and Add-ons

Why am I getting certificate errors trying to configure the Splunk Add-on for JMX with the Splunk Add-on for Jboss?

jmallorquin
Builder

Hi,

We are trying to set up the Splunk Add-on for JMX (3.1.0) with the Splunk Add-on for Jboss (1.0.0). However, after all processes for configuration, we have this error from index _internal

It looks like the problem is for the certificate, any one have this issue?

    2015-12-22 17:08:20,004 - org.xnio.listener -1090361 [Remoting "endpoint" write-1] ERROR - A channel event listener threw an exception java.lang.RuntimeException: Unexpected error:
java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at
sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1407) at
sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535) at
sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1214) at
sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1186) at
javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469) at
org.xnio.ssl.JsseConnectedSslStreamChannel.wrap(JsseConnectedSslStreamChannel.java:255) at
org.xnio.ssl.JsseConnectedSslStreamChannel.write(JsseConnectedSslStreamChannel.java:238) at
org.xnio.ssl.JsseConnectedSslStreamChannel.write(JsseConnectedSslStreamChannel.java:197) at
org.xnio.channels.FramedMessageChannel.doFlushBuffer(FramedMessageChannel.java:302) at
org.xnio.channels.FramedMessageChannel.flushAction(FramedMessageChannel.java:282) at
org.xnio.channels.TranslatingSuspendableChannel.flush(TranslatingSuspendableChannel.java:604) at
org.jboss.remoting3.remote.RemoteConnection$RemoteWriteListener.handleEvent(RemoteConnection.java:239) at
org.jboss.remoting3.remote.RemoteConnection$RemoteWriteListener.handleEvent(RemoteConnection.java:214) at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72) at
org.xnio.channels.TranslatingSuspendableChannel.handleWritable(TranslatingSuspendableChannel.java:243) at
org.xnio.channels.TranslatingSuspendableChannel$2.handleEvent(TranslatingSuspendableChannel.java:113) at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72) at
org.xnio.channels.TranslatingSuspendableChannel.handleWritable(TranslatingSuspendableChannel.java:243) at
org.xnio.channels.TranslatingSuspendableChannel$2.handleEvent(TranslatingSuspendableChannel.java:113) at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72) at
org.xnio.nio.NioHandle.run(NioHandle.java:90) at
org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:219) at
org.xnio.nio.WorkerThread.run(WorkerThread.java:132) Caused by: java.lang.RuntimeException:
Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:90) at
sun.security.validator.Validator.getInstance(Validator.java:179) at
sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:312) at
sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:171) at
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:239) at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1465) at
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212) at
sun.security.ssl.Handshaker.processLoop(Handshaker.java:957) at
sun.security.ssl.Handshaker$1.run(Handshaker.java:897) at
sun.security.ssl.Handshaker$1.run(Handshaker.java:894) at
java.security.AccessController.doPrivileged(Native Method) at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1347) at
org.xnio.ssl.JsseConnectedSslStreamChannel.handleHandshake(JsseConnectedSslStreamChannel.java:425) at
org.xnio.ssl.JsseConnectedSslStreamChannel.write(JsseConnectedSslStreamChannel.java:242) ... 16 more Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200) at
java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120) at
java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104) at
sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:88)

2015-12-22 17:08:20,009 - com.splunk.modinput.ModularInput -1090366 [Thread-2] ERROR - JBREM000202: Abrupt close on Remoting connection 306f44cd to xxxxx.xxxxxxxx/xx.x.xx.xxx:10699

Thanks for any help.

0 Karma

jkat54
SplunkTrust
SplunkTrust

Did you search the interwebs for the error?

the trustAnchors parameter must be non-empty at

Seems fairly common:

http://stackoverflow.com/questions/6784463/error-trustanchors-parameter-must-be-non-empty/25188331

Looks like it has to do with your truststore setup. This document mentions it a few times and relates to WAS.

http://docs.splunk.com/Documentation/WAS/latest/InstallGuide/InstalltheSplunkFAAdd-on

jmallorquin
Builder

I downvoted this post because not related to the question

0 Karma

jcoates_splunk
Splunk Employee
Splunk Employee

I think jkat54 is right -- JBOSS vs WAS makes little difference in this case. Feel free to open a ticket for more investigation though.

0 Karma

jmallorquin
Builder

Hi,

we use the jmx addon with the jboss addon, no th whebsphere.

Thanks,

0 Karma

jkat54
SplunkTrust
SplunkTrust
0 Karma

jkat54
SplunkTrust
SplunkTrust

does this help?

I had the InvalidAlgorithmParameterException error on a hosted jira server that I had previously set up for SSL-only access. The issue was that I had set up my keystore in the PKCS#12 format, but my truststore was in the JKS format. In my case, I had edited my server.xml file to specify the keystoreType to PKCS, but did not specify the truststoreType, so it defaults to whatever the keystoreType is. Specifying the truststoreType explicitly as JKS solved it for me.

or this?

This bizarre message means that the truststore you specified was not found, or couldn't be opened due to access permissions for example.

jkat54
SplunkTrust
SplunkTrust

OK so you're telling me you don't have a truststore?

0 Karma

Tune In & Win!

Don't miss out on your
chance to take home free
prizes by helping our players
save the Splunk Cloudom!

Dungeons & Data
Monsters: Splunk O11y
Day Editions Games
stream live:
5/4 at 6:30pm PST
5/5 at 7:00pm PST
on