All Apps and Add-ons
Highlighted

Why am I getting certificate errors trying to configure the Splunk Add-on for JMX with the Splunk Add-on for Jboss?

Builder

Hi,

We are trying to set up the Splunk Add-on for JMX (3.1.0) with the Splunk Add-on for Jboss (1.0.0). However, after all processes for configuration, we have this error from index _internal

It looks like the problem is for the certificate, any one have this issue?

    2015-12-22 17:08:20,004 - org.xnio.listener -1090361 [Remoting "endpoint" write-1] ERROR - A channel event listener threw an exception java.lang.RuntimeException: Unexpected error:
java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at
sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1407) at
sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535) at
sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1214) at
sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1186) at
javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469) at
org.xnio.ssl.JsseConnectedSslStreamChannel.wrap(JsseConnectedSslStreamChannel.java:255) at
org.xnio.ssl.JsseConnectedSslStreamChannel.write(JsseConnectedSslStreamChannel.java:238) at
org.xnio.ssl.JsseConnectedSslStreamChannel.write(JsseConnectedSslStreamChannel.java:197) at
org.xnio.channels.FramedMessageChannel.doFlushBuffer(FramedMessageChannel.java:302) at
org.xnio.channels.FramedMessageChannel.flushAction(FramedMessageChannel.java:282) at
org.xnio.channels.TranslatingSuspendableChannel.flush(TranslatingSuspendableChannel.java:604) at
org.jboss.remoting3.remote.RemoteConnection$RemoteWriteListener.handleEvent(RemoteConnection.java:239) at
org.jboss.remoting3.remote.RemoteConnection$RemoteWriteListener.handleEvent(RemoteConnection.java:214) at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72) at
org.xnio.channels.TranslatingSuspendableChannel.handleWritable(TranslatingSuspendableChannel.java:243) at
org.xnio.channels.TranslatingSuspendableChannel$2.handleEvent(TranslatingSuspendableChannel.java:113) at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72) at
org.xnio.channels.TranslatingSuspendableChannel.handleWritable(TranslatingSuspendableChannel.java:243) at
org.xnio.channels.TranslatingSuspendableChannel$2.handleEvent(TranslatingSuspendableChannel.java:113) at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72) at
org.xnio.nio.NioHandle.run(NioHandle.java:90) at
org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:219) at
org.xnio.nio.WorkerThread.run(WorkerThread.java:132) Caused by: java.lang.RuntimeException:
Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:90) at
sun.security.validator.Validator.getInstance(Validator.java:179) at
sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:312) at
sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:171) at
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:239) at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1465) at
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212) at
sun.security.ssl.Handshaker.processLoop(Handshaker.java:957) at
sun.security.ssl.Handshaker$1.run(Handshaker.java:897) at
sun.security.ssl.Handshaker$1.run(Handshaker.java:894) at
java.security.AccessController.doPrivileged(Native Method) at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1347) at
org.xnio.ssl.JsseConnectedSslStreamChannel.handleHandshake(JsseConnectedSslStreamChannel.java:425) at
org.xnio.ssl.JsseConnectedSslStreamChannel.write(JsseConnectedSslStreamChannel.java:242) ... 16 more Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200) at
java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120) at
java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104) at
sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:88)

2015-12-22 17:08:20,009 - com.splunk.modinput.ModularInput -1090366 [Thread-2] ERROR - JBREM000202: Abrupt close on Remoting connection 306f44cd to xxxxx.xxxxxxxx/xx.x.xx.xxx:10699

Thanks for any help.

0 Karma
Highlighted

Re: Why am I getting certificate errors trying to configure the Splunk Add-on for JMX with the Splunk Add-on for Jboss?

SplunkTrust
SplunkTrust

Did you search the interwebs for the error?

the trustAnchors parameter must be non-empty at

Seems fairly common:

http://stackoverflow.com/questions/6784463/error-trustanchors-parameter-must-be-non-empty/25188331

Looks like it has to do with your truststore setup. This document mentions it a few times and relates to WAS.

http://docs.splunk.com/Documentation/WAS/latest/InstallGuide/InstalltheSplunkFAAdd-on

Highlighted

Re: Why am I getting certificate errors trying to configure the Splunk Add-on for JMX with the Splunk Add-on for Jboss?

Builder

Hi,

we use the jmx addon with the jboss addon, no th whebsphere.

Thanks,

0 Karma
Highlighted

Re: Why am I getting certificate errors trying to configure the Splunk Add-on for JMX with the Splunk Add-on for Jboss?

SplunkTrust
SplunkTrust

OK so you're telling me you don't have a truststore?

0 Karma
Highlighted

Re: Why am I getting certificate errors trying to configure the Splunk Add-on for JMX with the Splunk Add-on for Jboss?

SplunkTrust
SplunkTrust

does this help?

I had the InvalidAlgorithmParameterException error on a hosted jira server that I had previously set up for SSL-only access. The issue was that I had set up my keystore in the PKCS#12 format, but my truststore was in the JKS format. In my case, I had edited my server.xml file to specify the keystoreType to PKCS, but did not specify the truststoreType, so it defaults to whatever the keystoreType is. Specifying the truststoreType explicitly as JKS solved it for me.

or this?

This bizarre message means that the truststore you specified was not found, or couldn't be opened due to access permissions for example.
Highlighted

Re: Why am I getting certificate errors trying to configure the Splunk Add-on for JMX with the Splunk Add-on for Jboss?

SplunkTrust
SplunkTrust
0 Karma
Highlighted

Re: Why am I getting certificate errors trying to configure the Splunk Add-on for JMX with the Splunk Add-on for Jboss?

Builder

I downvoted this post because not related to the question

0 Karma
Highlighted

Re: Why am I getting certificate errors trying to configure the Splunk Add-on for JMX with the Splunk Add-on for Jboss?

Splunk Employee
Splunk Employee

I think jkat54 is right -- JBOSS vs WAS makes little difference in this case. Feel free to open a ticket for more investigation though.

0 Karma