Joe,
Have you seen https://issues.apache.org/jira/browse/NIFI-3230? You might
try the latest code on the master branch to see if it fixes your problem.
The JIRA ticket also offers a workaround by using a failover URI.
-- Mike
On Wed, Jan 11, 2017 at 8:20 PM, Joe Gresock <jgresock@gmail.com> wrote:
> Hi folks,
>
> I'm using PutJMS to try to send messages to an ActiveMQ broker over SSL. I
> verified that the trust store referenced in my ssl-context controller
> service does indeed contain the issuer DN of the broker's certificate, but
> I get the error "PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target".
>
> On a whim, I tried adding the truststore location and password to
> bootstrap.conf:
> java.arg.17=-Djavax.net.ssl.trustStore=...
> java.arg.18=-Djavax.net.ssl.trustStorePassword=...
>
> And this time the SSL connection actually worked. Therefore, it looks like
> somehow the ActiveMQ connection factory is not accepting my trust store
> information from my controller service. Has anyone else observed this
> behavior?
>
> --
> I know what it is to be in need, and I know what it is to have plenty. I
> have learned the secret of being content in any and every situation,
> whether well fed or hungry, whether living in plenty or in want. I can do
> all this through him who gives me strength. *-Philippians 4:12-13*
>
|