From dev-return-12962-apmail-nifi-dev-archive=nifi.apache.org@nifi.apache.org Wed Jan 11 20:20:19 2017 Return-Path: X-Original-To: apmail-nifi-dev-archive@minotaur.apache.org Delivered-To: apmail-nifi-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 59D511904B for ; Wed, 11 Jan 2017 20:20:19 +0000 (UTC) Received: (qmail 60009 invoked by uid 500); 11 Jan 2017 20:20:19 -0000 Delivered-To: apmail-nifi-dev-archive@nifi.apache.org Received: (qmail 59961 invoked by uid 500); 11 Jan 2017 20:20:19 -0000 Mailing-List: contact dev-help@nifi.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@nifi.apache.org Delivered-To: mailing list dev@nifi.apache.org Received: (qmail 59948 invoked by uid 99); 11 Jan 2017 20:20:18 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 11 Jan 2017 20:20:18 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 709B91A02D1 for ; Wed, 11 Jan 2017 20:20:18 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.68 X-Spam-Level: * X-Spam-Status: No, score=1.68 tagged_above=-999 required=6.31 tests=[AC_DIV_BONANZA=0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd2-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id THpH01NPV1_3 for ; Wed, 11 Jan 2017 20:20:17 +0000 (UTC) Received: from mail-qt0-f172.google.com (mail-qt0-f172.google.com [209.85.216.172]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id 3B8EA5F3A1 for ; Wed, 11 Jan 2017 20:20:17 +0000 (UTC) Received: by mail-qt0-f172.google.com with SMTP id x49so140313971qtc.2 for ; Wed, 11 Jan 2017 12:20:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=42cmj5VMnZsxMTdhkp0Q84zZziEHzVKjOn5p+RoA4AM=; b=qXr0TSCgGNf/rolAl8AUkQyAkHz1jZ5ctj1gtxU0sdwb0KCKSu9XILGQ9dDzdAeyNa wNQ8kbJP5ZFNM4O0m1DAWEIvE5xgpMKsjuvSrRpGR0zb0bN9uj93dXDKxWy6nIu2sTAF J/bGuuJ6hIYsTEMgxM92Y+Nbe3ddR3/xrY5zAob2ZTfojckic4XuBVGvYq2cGhvqgJA6 b5JDEtbJ264O5JORDqNXnW1XYxPFRpnJpw76V3BlhxC2ta3cAOXcNi/69NMXzVJKCxyr pXup+BIjFjZmtqbhB4FqxMV6rfK8C5waJfs8GSl69odCihWexMBhV7ur85hBg1jL3dre M0bQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=42cmj5VMnZsxMTdhkp0Q84zZziEHzVKjOn5p+RoA4AM=; b=E5T3HaHgOcOUfHQXABmXDPhiwVitC3K+XOSaTqG7RLOe26yMbc6hKEhY+8Ff9IJSwm BboZnMov8C3okLCxxP6Rk3Kb8iu9m7/GVkmtxq38wjDl/+gw7JHYAJvXWfvXKN+6IYDu V+Qf6GroWzaL6jemvnn+NgTGOpPVVYSjND/AJPB7iONigh6J9MGKBNZNjuvrua0+pe2h H9CtR5voaiq9VLpVvz3+Hb/iStr0Xd3btLBBR3cUnl1gHRhXlVIuM9VR2Y6LXlucnlBX /2w9u9He06FfSuPwKijnLIDfaHB9Ee3/Z+YxQNuPLY2zc0fHfvE3z1VcUHwMZDFN3ev+ Y/Dg== X-Gm-Message-State: AIkVDXJ6g7kc6lVGHvMrTfQJOlc3LqfoNCM8CrPj2eP2G5cYPwCGSEwLzsMDT+YWw0+hf9aB9drYO1fHefRJVg== X-Received: by 10.237.37.209 with SMTP id y17mr9537938qtc.136.1484166016795; Wed, 11 Jan 2017 12:20:16 -0800 (PST) MIME-Version: 1.0 Received: by 10.12.177.154 with HTTP; Wed, 11 Jan 2017 12:20:16 -0800 (PST) From: Joe Gresock Date: Wed, 11 Jan 2017 20:20:16 +0000 Message-ID: Subject: ActiveMQ trust store issues To: dev@nifi.apache.org Content-Type: multipart/alternative; boundary=001a113f4d1638099e0545d7544e --001a113f4d1638099e0545d7544e Content-Type: text/plain; charset=UTF-8 Hi folks, I'm using PutJMS to try to send messages to an ActiveMQ broker over SSL. I verified that the trust store referenced in my ssl-context controller service does indeed contain the issuer DN of the broker's certificate, but I get the error "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target". On a whim, I tried adding the truststore location and password to bootstrap.conf: java.arg.17=-Djavax.net.ssl.trustStore=... java.arg.18=-Djavax.net.ssl.trustStorePassword=... And this time the SSL connection actually worked. Therefore, it looks like somehow the ActiveMQ connection factory is not accepting my trust store information from my controller service. Has anyone else observed this behavior? -- I know what it is to be in need, and I know what it is to have plenty. I have learned the secret of being content in any and every situation, whether well fed or hungry, whether living in plenty or in want. I can do all this through him who gives me strength. *-Philippians 4:12-13* --001a113f4d1638099e0545d7544e--