Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

NIFi : Consume AMQP with SSL StandardSSLContextService

Labels:
avatar
author-rank ravi_tadepally
Contributor

Created on ‎01-05-2022 02:36 PM - edited ‎01-05-2022 02:39 PM

Hi,

 

I am currently new to NIFI and have been working on a project that requires communicating to a secured RabbitMQ server to consume data. To make an SSL handshake I am using StandardSSLContextService controller service by adding the required Truststore information.

 

And the Truststore actually contains the client certificate to communicate to RabbitMQ server from NIFI.

 

But I am facing the below issue while running the ConsumeAMQP processor.

 

17:36:40 UTC ERROR nifi.svc.cluster.local:9443 ConsumeAMQP[id=76fe890c-4c44-3a3e-933b-4f4e5c4e4539] Failed to initialize AMQP client: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_required

causes: com.rabbitmq.client.ShutdownSignalException: connection error

causes: java.io.IOException

causes: java.lang.IllegalStateException: Failed to establish connection with AMQP Broker: com.rabbitmq.client.ConnectionFactory@72bc5297

17:36:40 UTCERROR76fe890c-4c44-3a3e-933b-4f4e5c4e4539 nifi.svc.cluster.local:9443ConsumeAMQP[id=76fe890c-4c44-3a3e-933b-4f4e5c4e4539] Connection lost to server localhost:5672

.: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_required

 

I would really appreciate if someone can guide me to the right direction on how to set the standard ssl context service to make this working.

 

Thanks in advance.

2,742 Views
4 REPLIES 4

avatar
author-rank linuraj
New Contributor

Created ‎01-06-2022 03:28 PM

Hello Team,

 

We face the same problem as well. Appreciate your help!

2,711 Views
0 Kudos

avatar
author-rank AlinaGareeva
New Contributor

Created ‎04-07-2022 06:16 AM

Faced a similar problem, the same error occurred, I was helped (oddly enough) by duplicating the certificate in the user's root folder - from where the command was launched
/home/{user}/

2,644 Views
0 Kudos

avatar
author-rank ckumar author-rank
Master Collaborator

Created ‎04-07-2022 09:17 AM

javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_required 

 

is very generic error for SSL and can cause due to multiple factors such as 

 

1. TLS version mismatch -->TLS version can be changed with StandardSSLContextService 

2. Incompatible cipher suites in use by the client and the server --> This can be due to Java version in use by NiFi and Active MQ server  and can be checked if there are any specific  cipher is set at Active MQ   following file needs  to be reviewed   jre/lib/security/java.security            

3. How client certificate obtained and imported in truststore file which is configured under   StandardSSLContextService--> You can use SSLPoke to verify connectivity outside of NiFi using same truststore file to makesure if the certificate is fine.

 

 

Thank you. 

 

 

 

2,617 Views
0 Kudos

avatar
author-rank araujo author-rank
Super Guru

Created ‎04-08-2022 04:17 AM

@ravi_tadepally ,

 

Is your RabbitMQ configured to require TLS Mutual Authentication (or Client Authentication)? If so, you must also provide a keystore in the SSL Context in NiFi, besides the truststore.

 

Cheers,

André

 

--
Was your question answered? Please take some time to click on "Accept as Solution" below this post.
If you find a reply useful, say thanks by clicking on the thumbs up button.
2,600 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements