Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

NIFi : Consume AMQP with SSL StandardSSLContextService

Labels:
avatar
author-rank ravi_tadepally
Contributor

Created on ‎01-05-2022 02:36 PM - edited ‎01-05-2022 02:39 PM

Hi,

 

I am currently new to NIFI and have been working on a project that requires communicating to a secured RabbitMQ server to consume data. To make an SSL handshake I am using StandardSSLContextService controller service by adding the required Truststore information.

 

And the Truststore actually contains the client certificate to communicate to RabbitMQ server from NIFI.

 

But I am facing the below issue while running the ConsumeAMQP processor.

 

17:36:40 UTC ERROR nifi.svc.cluster.local:9443 ConsumeAMQP[id=76fe890c-4c44-3a3e-933b-4f4e5c4e4539] Failed to initialize AMQP client: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_required

causes: com.rabbitmq.client.ShutdownSignalException: connection error

causes: java.io.IOException

causes: java.lang.IllegalStateException: Failed to establish connection with AMQP Broker: com.rabbitmq.client.ConnectionFactory@72bc5297

17:36:40 UTCERROR76fe890c-4c44-3a3e-933b-4f4e5c4e4539 nifi.svc.cluster.local:9443ConsumeAMQP[id=76fe890c-4c44-3a3e-933b-4f4e5c4e4539] Connection lost to server localhost:5672

.: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_required

 

I would really appreciate if someone can guide me to the right direction on how to set the standard ssl context service to make this working.

 

Thanks in advance.

1,933 Views
4 REPLIES 4

avatar
author-rank linuraj
New Contributor

Created ‎01-06-2022 03:28 PM

Hello Team,

 

We face the same problem as well. Appreciate your help!

1,902 Views
0 Kudos

avatar
author-rank AlinaGareeva
New Contributor

Created ‎04-07-2022 06:16 AM

Faced a similar problem, the same error occurred, I was helped (oddly enough) by duplicating the certificate in the user's root folder - from where the command was launched
/home/{user}/

1,835 Views
0 Kudos

avatar
author-rank ckumar author-rank
Master Collaborator

Created ‎04-07-2022 09:17 AM

javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_required 

 

is very generic error for SSL and can cause due to multiple factors such as 

 

1. TLS version mismatch -->TLS version can be changed with StandardSSLContextService 

2. Incompatible cipher suites in use by the client and the server --> This can be due to Java version in use by NiFi and Active MQ server  and can be checked if there are any specific  cipher is set at Active MQ   following file needs  to be reviewed   jre/lib/security/java.security            

3. How client certificate obtained and imported in truststore file which is configured under   StandardSSLContextService--> You can use SSLPoke to verify connectivity outside of NiFi using same truststore file to makesure if the certificate is fine.

 

 

Thank you. 

 

 

 

1,808 Views
0 Kudos

avatar
author-rank araujo author-rank
Super Guru

Created ‎04-08-2022 04:17 AM

@ravi_tadepally ,

 

Is your RabbitMQ configured to require TLS Mutual Authentication (or Client Authentication)? If so, you must also provide a keystore in the SSL Context in NiFi, besides the truststore.

 

Cheers,

André

 

--
Was your question answered? Please take some time to click on "Accept as Solution" below this post.
If you find a reply useful, say thanks by clicking on the thumbs up button.
1,791 Views
0 Kudos
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements