Support Questions

Find answers, ask questions, and share your expertise

NIFi : Consume AMQP with SSL StandardSSLContextService

avatar
Contributor

Hi,

 

I am currently new to NIFI and have been working on a project that requires communicating to a secured RabbitMQ server to consume data. To make an SSL handshake I am using StandardSSLContextService controller service by adding the required Truststore information.

 

And the Truststore actually contains the client certificate to communicate to RabbitMQ server from NIFI.

 

But I am facing the below issue while running the ConsumeAMQP processor.

 

17:36:40 UTC ERROR nifi.svc.cluster.local:9443 ConsumeAMQP[id=76fe890c-4c44-3a3e-933b-4f4e5c4e4539] Failed to initialize AMQP client: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_required

causes: com.rabbitmq.client.ShutdownSignalException: connection error

causes: java.io.IOException

causes: java.lang.IllegalStateException: Failed to establish connection with AMQP Broker: com.rabbitmq.client.ConnectionFactory@72bc5297

17:36:40 UTCERROR76fe890c-4c44-3a3e-933b-4f4e5c4e4539 nifi.svc.cluster.local:9443ConsumeAMQP[id=76fe890c-4c44-3a3e-933b-4f4e5c4e4539] Connection lost to server localhost:5672

.: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_required

 

I would really appreciate if someone can guide me to the right direction on how to set the standard ssl context service to make this working.

 

Thanks in advance.

4 REPLIES 4

avatar
New Contributor

Hello Team,

 

We face the same problem as well. Appreciate your help!

avatar
New Contributor

Faced a similar problem, the same error occurred, I was helped (oddly enough) by duplicating the certificate in the user's root folder - from where the command was launched
/home/{user}/

avatar
Master Collaborator

javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_required 

 

is very generic error for SSL and can cause due to multiple factors such as 

 

1. TLS version mismatch -->TLS version can be changed with StandardSSLContextService 

2. Incompatible cipher suites in use by the client and the server --> This can be due to Java version in use by NiFi and Active MQ server  and can be checked if there are any specific  cipher is set at Active MQ   following file needs  to be reviewed   jre/lib/security/java.security            

3. How client certificate obtained and imported in truststore file which is configured under   StandardSSLContextService--> You can use SSLPoke to verify connectivity outside of NiFi using same truststore file to makesure if the certificate is fine.

 

 

Thank you. 

 

 

 

avatar
Super Guru

@ravi_tadepally ,

 

Is your RabbitMQ configured to require TLS Mutual Authentication (or Client Authentication)? If so, you must also provide a keystore in the SSL Context in NiFi, besides the truststore.

 

Cheers,

André

 

--
Was your question answered? Please take some time to click on "Accept as Solution" below this post.
If you find a reply useful, say thanks by clicking on the thumbs up button.