I am currently new to NIFI and have been working on a project that requires communicating to a secured RabbitMQ server to consume data. To make an SSL handshake I am using StandardSSLContextService controller service by adding the required Truststore information.
And the Truststore actually contains the client certificate to communicate to RabbitMQ server from NIFI.
But I am facing the below issue while running the ConsumeAMQP processor.
17:36:40 UTC ERROR nifi.svc.cluster.local:9443 ConsumeAMQP[id=76fe890c-4c44-3a3e-933b-4f4e5c4e4539] Failed to initialize AMQP client: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_required
causes: com.rabbitmq.client.ShutdownSignalException: connection error
causes: java.lang.IllegalStateException: Failed to establish connection with AMQP Broker: com.rabbitmq.client.ConnectionFactory@72bc5297
17:36:40 UTCERROR76fe890c-4c44-3a3e-933b-4f4e5c4e4539 nifi.svc.cluster.local:9443ConsumeAMQP[id=76fe890c-4c44-3a3e-933b-4f4e5c4e4539] Connection lost to server localhost:5672
.: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_required
I would really appreciate if someone can guide me to the right direction on how to set the standard ssl context service to make this working.
Thanks in advance.
Faced a similar problem, the same error occurred, I was helped (oddly enough) by duplicating the certificate in the user's root folder - from where the command was launched
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_required
is very generic error for SSL and can cause due to multiple factors such as
1. TLS version mismatch -->TLS version can be changed with StandardSSLContextService
2. Incompatible cipher suites in use by the client and the server --> This can be due to Java version in use by NiFi and Active MQ server and can be checked if there are any specific cipher is set at Active MQ following file needs to be reviewed jre/lib/security/java.security
3. How client certificate obtained and imported in truststore file which is configured under StandardSSLContextService--> You can use SSLPoke to verify connectivity outside of NiFi using same truststore file to makesure if the certificate is fine.
Is your RabbitMQ configured to require TLS Mutual Authentication (or Client Authentication)? If so, you must also provide a keystore in the SSL Context in NiFi, besides the truststore.