Assistance with "SSL No Trusted Certificates are Set" publishJMS Processor Message

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Assistance with "SSL No Trusted Certificates are Set" publishJMS Processor Message

Aaron Reed
Hello NiFi Developers,

I am currently trying to successfully configure a publishJMS processor
using NiFi version 1.1.2. The error message I am facing is the following:
"org.springframework.jms.JmsSecurityException: Can not initialize SSL
client: no trusted certificates are set; nested exception is
javax.jms.JMSSecurityException: Can not initialize SSL client: no trusted
certificates are set." Then a stack trace including the following appears
in the logs:

  at
org.springframework.jms.support.JmsUtils.convertJmsAccessException(JmsUtils.java:291)
  at
org.springframework.jms.support.JmsAccessor.convertJmsAccessException(JmsAccessor.java:169)
  at org.springframework.jms.core.JmsTemplate.execute(JmsTemplate.java:497)
  at org.springframework.jms.core.JmsTemplate.send(JmsTemplate.java:580)
  at
org.springframework.jms.processors.JMSPublisher.publish(JMSPublisher.java:78)
  at
org.springframework.jms.processors.PublishJMS.rendezousWithJms(PublishJMS.java:102)
  at
org.springframework.jms.AbstractJMSProcessor.onTrigger(AbstractJMSProcessor.java:136)
  at org.springframework.jms.PublishJMS.onTrigger(PublishJMS.java:55)

I have both used an SSL Context Service, specifying a trust store
certificate and password and not provided any SSL Context Service property,
but still receive the same error message.

Would you be able to provide any possible suggestions and solutions as to
why this SSL JMSSecurityException is occurring?

Any assistance would be greatly appreciated.

Sincerely,

Aaron Reed
Reply | Threaded
Open this post in threaded view
|

Re: Assistance with "SSL No Trusted Certificates are Set" publishJMS Processor Message

Andy LoPresto-2
Hi Aaron,

Sorry to hear you are having trouble with this. Can you connect to the JMS server using non-Apache NiFi tools, such as OpenSSL s_client? Verifying that the JMS server accepts TLS communications is your first debugging step. Once you have verified that, we can try to isolate the issue in NiFi. My preliminary list of possible issues is:

* NiFi is not pointing at the correct truststore to verify the JMS certificate containing its public key
* the certificate is invalid (expired, incorrect hostname, CN/SAN mismatch, EKU, etc.)
* the TLS protocol versions are incompatible (no matching cipher suites, etc.)
* a bug in NiFi code
* a bug in JMS broker code in Spring Framework

If possible, please provide an exported template of your flow — sensitive configuration values will be removed on template export — and the complete stacktrace in context (the full app log is very useful if you can sanitize it to your level of comfort). Thanks. 


Andy LoPresto
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

On Aug 15, 2017, at 12:00 PM, Aaron Reed <[hidden email]> wrote:

Hello NiFi Developers,

I am currently trying to successfully configure a publishJMS processor
using NiFi version 1.1.2. The error message I am facing is the following:
"org.springframework.jms.JmsSecurityException: Can not initialize SSL
client: no trusted certificates are set; nested exception is
javax.jms.JMSSecurityException: Can not initialize SSL client: no trusted
certificates are set." Then a stack trace including the following appears
in the logs:

 at
org.springframework.jms.support.JmsUtils.convertJmsAccessException(JmsUtils.java:291)
 at
org.springframework.jms.support.JmsAccessor.convertJmsAccessException(JmsAccessor.java:169)
 at org.springframework.jms.core.JmsTemplate.execute(JmsTemplate.java:497)
 at org.springframework.jms.core.JmsTemplate.send(JmsTemplate.java:580)
 at
org.springframework.jms.processors.JMSPublisher.publish(JMSPublisher.java:78)
 at
org.springframework.jms.processors.PublishJMS.rendezousWithJms(PublishJMS.java:102)
 at
org.springframework.jms.AbstractJMSProcessor.onTrigger(AbstractJMSProcessor.java:136)
 at org.springframework.jms.PublishJMS.onTrigger(PublishJMS.java:55)

I have both used an SSL Context Service, specifying a trust store
certificate and password and not provided any SSL Context Service property,
but still receive the same error message.

Would you be able to provide any possible suggestions and solutions as to
why this SSL JMSSecurityException is occurring?

Any assistance would be greatly appreciated.

Sincerely,

Aaron Reed


signature.asc (859 bytes) Download Attachment