nifi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andy LoPresto <alopre...@apache.org>
Subject Re: Assistance with "SSL No Trusted Certificates are Set" publishJMS Processor Message
Date Tue, 15 Aug 2017 17:10:39 GMT
Hi Aaron,

Sorry to hear you are having trouble with this. Can you connect to the JMS server using non-Apache
NiFi tools, such as OpenSSL s_client? Verifying that the JMS server accepts TLS communications
is your first debugging step. Once you have verified that, we can try to isolate the issue
in NiFi. My preliminary list of possible issues is:

* NiFi is not pointing at the correct truststore to verify the JMS certificate containing
its public key
* the certificate is invalid (expired, incorrect hostname, CN/SAN mismatch, EKU, etc.)
* the TLS protocol versions are incompatible (no matching cipher suites, etc.)
* a bug in NiFi code
* a bug in JMS broker code in Spring Framework

If possible, please provide an exported template of your flow — sensitive configuration
values will be removed on template export — and the complete stacktrace in context (the
full app log is very useful if you can sanitize it to your level of comfort). Thanks.


Andy LoPresto
alopresto@apache.org
alopresto.apache@gmail.com
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

> On Aug 15, 2017, at 12:00 PM, Aaron Reed <ajustreed@gmail.com> wrote:
> 
> Hello NiFi Developers,
> 
> I am currently trying to successfully configure a publishJMS processor
> using NiFi version 1.1.2. The error message I am facing is the following:
> "org.springframework.jms.JmsSecurityException: Can not initialize SSL
> client: no trusted certificates are set; nested exception is
> javax.jms.JMSSecurityException: Can not initialize SSL client: no trusted
> certificates are set." Then a stack trace including the following appears
> in the logs:
> 
>  at
> org.springframework.jms.support.JmsUtils.convertJmsAccessException(JmsUtils.java:291)
>  at
> org.springframework.jms.support.JmsAccessor.convertJmsAccessException(JmsAccessor.java:169)
>  at org.springframework.jms.core.JmsTemplate.execute(JmsTemplate.java:497)
>  at org.springframework.jms.core.JmsTemplate.send(JmsTemplate.java:580)
>  at
> org.springframework.jms.processors.JMSPublisher.publish(JMSPublisher.java:78)
>  at
> org.springframework.jms.processors.PublishJMS.rendezousWithJms(PublishJMS.java:102)
>  at
> org.springframework.jms.AbstractJMSProcessor.onTrigger(AbstractJMSProcessor.java:136)
>  at org.springframework.jms.PublishJMS.onTrigger(PublishJMS.java:55)
> 
> I have both used an SSL Context Service, specifying a trust store
> certificate and password and not provided any SSL Context Service property,
> but still receive the same error message.
> 
> Would you be able to provide any possible suggestions and solutions as to
> why this SSL JMSSecurityException is occurring?
> 
> Any assistance would be greatly appreciated.
> 
> Sincerely,
> 
> Aaron Reed


Mime
View raw message