[jira] [Created] (NIFI-8714) Update Contributor Guide Confluence page
Mark Bean created NIFI-8714: --- Summary: Update Contributor Guide Confluence page Key: NIFI-8714 URL: https://issues.apache.org/jira/browse/NIFI-8714 Project: Apache NiFi Issue Type: Improvement Components: Documentation Website Reporter: Mark Bean Update Contributor Guide https://cwiki.apache.org/confluence/display/NIFI/Contributor+Guide Section 6.3 Checkout the 'main' or 1.x.0' branch Change: git checkout -b 0.x origin/1.x.0 will create a local, tracking branch named 1.x.0. To: git checkout -b nifi-1.x.y origin/nifi-1.x.y will create a local, tracking branch named 1.x.y, where "x" is the minor version and "y" is the patch version being selected, e.g. 1.13.2 Section 8 Additional notes on code contributions Multiple references to "master" need to be updated to "main" I do not believe the following statement is accurate, certainly not for the 1.0 and 0.x branch names. "As NiFi now has a 1.0 (master) and 0.x (support) branch, pull requests (PR) must be applied to both. Here is a step-by-step guide for committers to ensure this occurs for all PRs." Fetch Config section The url should be changed from g...@github.com:apache/nifi.git to https://github.com/apache/nifi.git to be consistent with other locations specified in the guide Add information indicating that "fetch github" is required in order to subsequently pull the desired PR branch. (See step 2 above.) -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (NIFI-8706) Add support for Redis Lists and Hashes
[ https://issues.apache.org/jira/browse/NIFI-8706?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17364970#comment-17364970 ] Otto Fowler commented on NIFI-8706: --- Can you give any use cases for these interactions? The ability to write X to a list or hash, with records, with example? The ability to read X from list or hash to records with example? > Add support for Redis Lists and Hashes > -- > > Key: NIFI-8706 > URL: https://issues.apache.org/jira/browse/NIFI-8706 > Project: Apache NiFi > Issue Type: Improvement > Components: Core Framework >Affects Versions: 1.8.0, 1.13.2 >Reporter: Doug Houck >Priority: Major > Labels: newbie, performance > > Nifi supports Redis interactions, but only for Keys. From a Redis > perspective, this is a poor use of resources. Lists and Hashes only required > one key per. It would be nice to have the ability to interact with Redis > Lists and Hashes in a Nifi Processor. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (NIFIREG-442) Adding docs for users storing in DB
[ https://issues.apache.org/jira/browse/NIFIREG-442?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17364925#comment-17364925 ] Raz Dobkies commented on NIFIREG-442: - I understood nifi registry is now a part of nifi repo. So I made the merge request here also: https://github.com/apache/nifi/pull/5167 > Adding docs for users storing in DB > --- > > Key: NIFIREG-442 > URL: https://issues.apache.org/jira/browse/NIFIREG-442 > Project: NiFi Registry > Issue Type: Wish >Affects Versions: 0.8.0 > Environment: All >Reporter: Raz Dobkies >Priority: Major > Labels: documentation, security > Fix For: 0.8.0 > > Original Estimate: 120h > Remaining Estimate: 120h > > Since NiFi-Registry-0.8.0 we can store users, groups, and policies in the > same DB as the flows and buckets are stored. However, there is no > documentation for this awesome feature... > > As you know, one of the most important things to NiFi's clients is the > documentation of the features, and how they can use them in their > configurations. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Comment Edited] (NIFI-8713) ConsumeJMS and PublishJMS doesn't work over SSL/TLS PKIX path building failed
[ https://issues.apache.org/jira/browse/NIFI-8713?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17364816#comment-17364816 ] Jul Tomten edited comment on NIFI-8713 at 6/17/21, 12:36 PM: - !image-2021-06-17-12-07-32-920.png! Got it working by setting extra properties. on the JMSConnectionFactoryProvider property TrustStore property TrustStorePassword property TrustStoreType Is it necessary to store the keystore password visible in plain text? Yes, without password it fails. JMS SSL Context Service is maybe not the trust store but should contain client certificate when using mutual ssl/tls? in the documentation it says : *The SSL Context Service used to provide client certificate information for TLS/SSL connections.* *If login with username and password the ssl context service isn't needed.* was (Author: tomten1970): !image-2021-06-17-12-07-32-920.png! Got it working by setting extra properties. on the JMSConnectionFactoryProvider property TrustStore property TrustStorePassword property TrustStoreType Is it necessary to store the keystore password visible in plain text? Maybe not needed. JMS SSL Context Service is maybe not the trust store but should contain client certificate when using mutual ssl/tls? in the documentation it says : *The SSL Context Service used to provide client certificate information for TLS/SSL connections.* > ConsumeJMS and PublishJMS doesn't work over SSL/TLS PKIX path building failed > - > > Key: NIFI-8713 > URL: https://issues.apache.org/jira/browse/NIFI-8713 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Affects Versions: 1.13.2 > Environment: redhat > java sap machine 1.11 > activemq-all-5.15.9.jar >Reporter: Jul Tomten >Priority: Major > Labels: ConsumeJMS, PKIX, SSL, TLS, building, failed, path > Attachments: image-2021-06-16-21-40-53-349.png, > image-2021-06-17-12-07-32-920.png > > > ConsumeJMS and PublichJMS doesn't work over SSL/TLS - error message PKIX > path building failed > > !image-2021-06-16-21-40-53-349.png! > > getJMSQueue putJMSQueue works fine with the same jks file and SSL context > service. > invokeHTTP works fine with the same context service. > I have a root ca that issues the server certificates without intermediate ca. > In the trust store jks there is only one certificate so it's a very simple > setup. > Is there any extra requirements on the jks trsutstore when using ConsumeJMS > or PublishJMS compared to getJMSQueue putJMSQueue ? > > The trust store type in the SSL context service seems to not matter if it is > set to JKS or PKCS12 . > ConsumeJMS or PublishJMS fails both with JKS and PKCS12 > getJMSQueue putJMSQueue works with JKS and PKCS12. > > java keytool lists my trust store as keystore type PKCS12 provider SUN. > I have tested with a keystore of type JKS but it fails with the same error > message. > > activemq-all-5.15.9.jar is used with ConsumeJMS or PublishJMS > getJMSQueue putJMSQueue uses ActiveMQ driver shipped with NiFi > > The activemq-all-5.15.9.jar has been tested in sap po whrere it works fine. > > Tested using the JMS* properties on the processor instead of the connection > factory service JMS context servive but still the same error message. > I guess the ConsumeJMS or PublishJMS doesn't use the specified ssl context > service but maybe fall back to using jdk cacerts file? > Tested putting the root ca cert in cacerts file and in the file pointed to by > nifi.security.truststore but it is still the same error message. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Comment Edited] (NIFI-8713) ConsumeJMS and PublishJMS doesn't work over SSL/TLS PKIX path building failed
[ https://issues.apache.org/jira/browse/NIFI-8713?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17364816#comment-17364816 ] Jul Tomten edited comment on NIFI-8713 at 6/17/21, 12:29 PM: - !image-2021-06-17-12-07-32-920.png! Got it working by setting extra properties. on the JMSConnectionFactoryProvider property TrustStore property TrustStorePassword property TrustStoreType Is it necessary to store the keystore password visible in plain text? Maybe not needed. JMS SSL Context Service is maybe not the trust store but should contain client certificate when using mutual ssl/tls? in the documentation it says : *The SSL Context Service used to provide client certificate information for TLS/SSL connections.* was (Author: tomten1970): !image-2021-06-17-12-07-32-920.png! Got it working by setting extra properties. on the JMSConnectionFactoryProvider property TrustStore property TrustStorePassword property TrustStoreType This is an error as the trust store is already set in the JMS SSL Context Service and its necessary to store the keystore password visible in plain text. JMS SSL Context Service is maybe not the trust store but should contain client certificate when using mutual ssl/tls? in the documentation it says : *The SSL Context Service used to provide client certificate information for TLS/SSL connections.* > ConsumeJMS and PublishJMS doesn't work over SSL/TLS PKIX path building failed > - > > Key: NIFI-8713 > URL: https://issues.apache.org/jira/browse/NIFI-8713 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Affects Versions: 1.13.2 > Environment: redhat > java sap machine 1.11 > activemq-all-5.15.9.jar >Reporter: Jul Tomten >Priority: Major > Labels: ConsumeJMS, PKIX, SSL, TLS, building, failed, path > Attachments: image-2021-06-16-21-40-53-349.png, > image-2021-06-17-12-07-32-920.png > > > ConsumeJMS and PublichJMS doesn't work over SSL/TLS - error message PKIX > path building failed > > !image-2021-06-16-21-40-53-349.png! > > getJMSQueue putJMSQueue works fine with the same jks file and SSL context > service. > invokeHTTP works fine with the same context service. > I have a root ca that issues the server certificates without intermediate ca. > In the trust store jks there is only one certificate so it's a very simple > setup. > Is there any extra requirements on the jks trsutstore when using ConsumeJMS > or PublishJMS compared to getJMSQueue putJMSQueue ? > > The trust store type in the SSL context service seems to not matter if it is > set to JKS or PKCS12 . > ConsumeJMS or PublishJMS fails both with JKS and PKCS12 > getJMSQueue putJMSQueue works with JKS and PKCS12. > > java keytool lists my trust store as keystore type PKCS12 provider SUN. > I have tested with a keystore of type JKS but it fails with the same error > message. > > activemq-all-5.15.9.jar is used with ConsumeJMS or PublishJMS > getJMSQueue putJMSQueue uses ActiveMQ driver shipped with NiFi > > The activemq-all-5.15.9.jar has been tested in sap po whrere it works fine. > > Tested using the JMS* properties on the processor instead of the connection > factory service JMS context servive but still the same error message. > I guess the ConsumeJMS or PublishJMS doesn't use the specified ssl context > service but maybe fall back to using jdk cacerts file? > Tested putting the root ca cert in cacerts file and in the file pointed to by > nifi.security.truststore but it is still the same error message. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Comment Edited] (NIFI-8713) ConsumeJMS and PublishJMS doesn't work over SSL/TLS PKIX path building failed
[ https://issues.apache.org/jira/browse/NIFI-8713?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17364816#comment-17364816 ] Jul Tomten edited comment on NIFI-8713 at 6/17/21, 12:27 PM: - !image-2021-06-17-12-07-32-920.png! Got it working by setting extra properties. on the JMSConnectionFactoryProvider property TrustStore property TrustStorePassword property TrustStoreType This is an error as the trust store is already set in the JMS SSL Context Service and its necessary to store the keystore password visible in plain text. JMS SSL Context Service is maybe not the trust store but should contain client certificate when using mutual ssl/tls? in the documentation it says : *The SSL Context Service used to provide client certificate information for TLS/SSL connections.* was (Author: tomten1970): !image-2021-06-17-12-07-32-920.png! Got it working by setting extra properties. on the JMSConnectionFactoryProvider property TrustStore property TrustStorePassword property TrustStoreType This is an error as the trust store is already set in the JMS SSL Context Service and its necessary to store the keystore password visible in plain text. JMS SSL Context Service is maybe not the trust store but should contain client certificate when using mutual ssl/tls? It would be good to have this described in the documentation. > ConsumeJMS and PublishJMS doesn't work over SSL/TLS PKIX path building failed > - > > Key: NIFI-8713 > URL: https://issues.apache.org/jira/browse/NIFI-8713 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Affects Versions: 1.13.2 > Environment: redhat > java sap machine 1.11 > activemq-all-5.15.9.jar >Reporter: Jul Tomten >Priority: Major > Labels: ConsumeJMS, PKIX, SSL, TLS, building, failed, path > Attachments: image-2021-06-16-21-40-53-349.png, > image-2021-06-17-12-07-32-920.png > > > ConsumeJMS and PublichJMS doesn't work over SSL/TLS - error message PKIX > path building failed > > !image-2021-06-16-21-40-53-349.png! > > getJMSQueue putJMSQueue works fine with the same jks file and SSL context > service. > invokeHTTP works fine with the same context service. > I have a root ca that issues the server certificates without intermediate ca. > In the trust store jks there is only one certificate so it's a very simple > setup. > Is there any extra requirements on the jks trsutstore when using ConsumeJMS > or PublishJMS compared to getJMSQueue putJMSQueue ? > > The trust store type in the SSL context service seems to not matter if it is > set to JKS or PKCS12 . > ConsumeJMS or PublishJMS fails both with JKS and PKCS12 > getJMSQueue putJMSQueue works with JKS and PKCS12. > > java keytool lists my trust store as keystore type PKCS12 provider SUN. > I have tested with a keystore of type JKS but it fails with the same error > message. > > activemq-all-5.15.9.jar is used with ConsumeJMS or PublishJMS > getJMSQueue putJMSQueue uses ActiveMQ driver shipped with NiFi > > The activemq-all-5.15.9.jar has been tested in sap po whrere it works fine. > > Tested using the JMS* properties on the processor instead of the connection > factory service JMS context servive but still the same error message. > I guess the ConsumeJMS or PublishJMS doesn't use the specified ssl context > service but maybe fall back to using jdk cacerts file? > Tested putting the root ca cert in cacerts file and in the file pointed to by > nifi.security.truststore but it is still the same error message. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Comment Edited] (NIFI-8713) ConsumeJMS and PublishJMS doesn't work over SSL/TLS PKIX path building failed
[ https://issues.apache.org/jira/browse/NIFI-8713?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17364816#comment-17364816 ] Jul Tomten edited comment on NIFI-8713 at 6/17/21, 12:10 PM: - !image-2021-06-17-12-07-32-920.png! Got it working by setting extra properties. on the JMSConnectionFactoryProvider property TrustStore property TrustStorePassword property TrustStoreType This is an error as the trust store is already set in the JMS SSL Context Service and its necessary to store the keystore password visible in plain text. JMS SSL Context Service is maybe not the trust store but should contain client certificate when using mutual ssl/tls? It would be good to have this described in the documentation. was (Author: tomten1970): !image-2021-06-17-12-07-32-920.png! Got it working by setting extra properties. on the JMSConnectionFactoryProvider property TrustStore property TrustStorePassword property TrustStoreType This is an error as the trust store is already set in the JMS SSL Context Service and its necessary to store the keystore password visible in plain text. JMS SSL Context Service is maybe not the trust store but should contain client certificate when using mutual ssl/tls? > ConsumeJMS and PublishJMS doesn't work over SSL/TLS PKIX path building failed > - > > Key: NIFI-8713 > URL: https://issues.apache.org/jira/browse/NIFI-8713 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Affects Versions: 1.13.2 > Environment: redhat > java sap machine 1.11 > activemq-all-5.15.9.jar >Reporter: Jul Tomten >Priority: Major > Labels: ConsumeJMS, PKIX, SSL, TLS, building, failed, path > Attachments: image-2021-06-16-21-40-53-349.png, > image-2021-06-17-12-07-32-920.png > > > ConsumeJMS and PublichJMS doesn't work over SSL/TLS - error message PKIX > path building failed > > !image-2021-06-16-21-40-53-349.png! > > getJMSQueue putJMSQueue works fine with the same jks file and SSL context > service. > invokeHTTP works fine with the same context service. > I have a root ca that issues the server certificates without intermediate ca. > In the trust store jks there is only one certificate so it's a very simple > setup. > Is there any extra requirements on the jks trsutstore when using ConsumeJMS > or PublishJMS compared to getJMSQueue putJMSQueue ? > > The trust store type in the SSL context service seems to not matter if it is > set to JKS or PKCS12 . > ConsumeJMS or PublishJMS fails both with JKS and PKCS12 > getJMSQueue putJMSQueue works with JKS and PKCS12. > > java keytool lists my trust store as keystore type PKCS12 provider SUN. > I have tested with a keystore of type JKS but it fails with the same error > message. > > activemq-all-5.15.9.jar is used with ConsumeJMS or PublishJMS > getJMSQueue putJMSQueue uses ActiveMQ driver shipped with NiFi > > The activemq-all-5.15.9.jar has been tested in sap po whrere it works fine. > > Tested using the JMS* properties on the processor instead of the connection > factory service JMS context servive but still the same error message. > I guess the ConsumeJMS or PublishJMS doesn't use the specified ssl context > service but maybe fall back to using jdk cacerts file? > Tested putting the root ca cert in cacerts file and in the file pointed to by > nifi.security.truststore but it is still the same error message. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Comment Edited] (NIFI-8713) ConsumeJMS and PublishJMS doesn't work over SSL/TLS PKIX path building failed
[ https://issues.apache.org/jira/browse/NIFI-8713?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17364816#comment-17364816 ] Jul Tomten edited comment on NIFI-8713 at 6/17/21, 12:10 PM: - !image-2021-06-17-12-07-32-920.png! Got it working by setting extra properties. on the JMSConnectionFactoryProvider property TrustStore property TrustStorePassword property TrustStoreType This is an error as the trust store is already set in the JMS SSL Context Service and its necessary to store the keystore password visible in plain text. JMS SSL Context Service is maybe not the trust store but should contain client certificate when using mutual ssl/tls? was (Author: tomten1970): !image-2021-06-17-12-07-32-920.png! Got it working by setting extra properties. on the JMSConnectionFactoryProvider property TrustStore property TrustStorePassword property TrustStoreType This is an error as the trust store is already set in the JMS SSL Context Service and its necessary to store the keystore password visible in plain text. > ConsumeJMS and PublishJMS doesn't work over SSL/TLS PKIX path building failed > - > > Key: NIFI-8713 > URL: https://issues.apache.org/jira/browse/NIFI-8713 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Affects Versions: 1.13.2 > Environment: redhat > java sap machine 1.11 > activemq-all-5.15.9.jar >Reporter: Jul Tomten >Priority: Major > Labels: ConsumeJMS, PKIX, SSL, TLS, building, failed, path > Attachments: image-2021-06-16-21-40-53-349.png, > image-2021-06-17-12-07-32-920.png > > > ConsumeJMS and PublichJMS doesn't work over SSL/TLS - error message PKIX > path building failed > > !image-2021-06-16-21-40-53-349.png! > > getJMSQueue putJMSQueue works fine with the same jks file and SSL context > service. > invokeHTTP works fine with the same context service. > I have a root ca that issues the server certificates without intermediate ca. > In the trust store jks there is only one certificate so it's a very simple > setup. > Is there any extra requirements on the jks trsutstore when using ConsumeJMS > or PublishJMS compared to getJMSQueue putJMSQueue ? > > The trust store type in the SSL context service seems to not matter if it is > set to JKS or PKCS12 . > ConsumeJMS or PublishJMS fails both with JKS and PKCS12 > getJMSQueue putJMSQueue works with JKS and PKCS12. > > java keytool lists my trust store as keystore type PKCS12 provider SUN. > I have tested with a keystore of type JKS but it fails with the same error > message. > > activemq-all-5.15.9.jar is used with ConsumeJMS or PublishJMS > getJMSQueue putJMSQueue uses ActiveMQ driver shipped with NiFi > > The activemq-all-5.15.9.jar has been tested in sap po whrere it works fine. > > Tested using the JMS* properties on the processor instead of the connection > factory service JMS context servive but still the same error message. > I guess the ConsumeJMS or PublishJMS doesn't use the specified ssl context > service but maybe fall back to using jdk cacerts file? > Tested putting the root ca cert in cacerts file and in the file pointed to by > nifi.security.truststore but it is still the same error message. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (NIFI-8713) ConsumeJMS and PublishJMS doesn't work over SSL/TLS PKIX path building failed
[ https://issues.apache.org/jira/browse/NIFI-8713?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17364820#comment-17364820 ] Jul Tomten commented on NIFI-8713: -- This solution should at least go into the documentation as an example. Had to read the source code to figure it out. > ConsumeJMS and PublishJMS doesn't work over SSL/TLS PKIX path building failed > - > > Key: NIFI-8713 > URL: https://issues.apache.org/jira/browse/NIFI-8713 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Affects Versions: 1.13.2 > Environment: redhat > java sap machine 1.11 > activemq-all-5.15.9.jar >Reporter: Jul Tomten >Priority: Major > Labels: ConsumeJMS, PKIX, SSL, TLS, building, failed, path > Attachments: image-2021-06-16-21-40-53-349.png, > image-2021-06-17-12-07-32-920.png > > > ConsumeJMS and PublichJMS doesn't work over SSL/TLS - error message PKIX > path building failed > > !image-2021-06-16-21-40-53-349.png! > > getJMSQueue putJMSQueue works fine with the same jks file and SSL context > service. > invokeHTTP works fine with the same context service. > I have a root ca that issues the server certificates without intermediate ca. > In the trust store jks there is only one certificate so it's a very simple > setup. > Is there any extra requirements on the jks trsutstore when using ConsumeJMS > or PublishJMS compared to getJMSQueue putJMSQueue ? > > The trust store type in the SSL context service seems to not matter if it is > set to JKS or PKCS12 . > ConsumeJMS or PublishJMS fails both with JKS and PKCS12 > getJMSQueue putJMSQueue works with JKS and PKCS12. > > java keytool lists my trust store as keystore type PKCS12 provider SUN. > I have tested with a keystore of type JKS but it fails with the same error > message. > > activemq-all-5.15.9.jar is used with ConsumeJMS or PublishJMS > getJMSQueue putJMSQueue uses ActiveMQ driver shipped with NiFi > > The activemq-all-5.15.9.jar has been tested in sap po whrere it works fine. > > Tested using the JMS* properties on the processor instead of the connection > factory service JMS context servive but still the same error message. > I guess the ConsumeJMS or PublishJMS doesn't use the specified ssl context > service but maybe fall back to using jdk cacerts file? > Tested putting the root ca cert in cacerts file and in the file pointed to by > nifi.security.truststore but it is still the same error message. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (NIFI-8713) ConsumeJMS and PublishJMS doesn't work over SSL/TLS PKIX path building failed
[ https://issues.apache.org/jira/browse/NIFI-8713?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17364816#comment-17364816 ] Jul Tomten commented on NIFI-8713: -- !image-2021-06-17-12-07-32-920.png! Got it working by setting extra properties. on the JMSConnectionFactoryProvider property TrustStore property TrustStorePassword property TrustStoreType This is an error as the trust store is already set in the JMS SSL Context Service and its necessary to store the keystore password visible in plain text. > ConsumeJMS and PublishJMS doesn't work over SSL/TLS PKIX path building failed > - > > Key: NIFI-8713 > URL: https://issues.apache.org/jira/browse/NIFI-8713 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Affects Versions: 1.13.2 > Environment: redhat > java sap machine 1.11 > activemq-all-5.15.9.jar >Reporter: Jul Tomten >Priority: Major > Labels: ConsumeJMS, PKIX, SSL, TLS, building, failed, path > Attachments: image-2021-06-16-21-40-53-349.png, > image-2021-06-17-12-07-32-920.png > > > ConsumeJMS and PublichJMS doesn't work over SSL/TLS - error message PKIX > path building failed > > !image-2021-06-16-21-40-53-349.png! > > getJMSQueue putJMSQueue works fine with the same jks file and SSL context > service. > invokeHTTP works fine with the same context service. > I have a root ca that issues the server certificates without intermediate ca. > In the trust store jks there is only one certificate so it's a very simple > setup. > Is there any extra requirements on the jks trsutstore when using ConsumeJMS > or PublishJMS compared to getJMSQueue putJMSQueue ? > > The trust store type in the SSL context service seems to not matter if it is > set to JKS or PKCS12 . > ConsumeJMS or PublishJMS fails both with JKS and PKCS12 > getJMSQueue putJMSQueue works with JKS and PKCS12. > > java keytool lists my trust store as keystore type PKCS12 provider SUN. > I have tested with a keystore of type JKS but it fails with the same error > message. > > activemq-all-5.15.9.jar is used with ConsumeJMS or PublishJMS > getJMSQueue putJMSQueue uses ActiveMQ driver shipped with NiFi > > The activemq-all-5.15.9.jar has been tested in sap po whrere it works fine. > > Tested using the JMS* properties on the processor instead of the connection > factory service JMS context servive but still the same error message. > I guess the ConsumeJMS or PublishJMS doesn't use the specified ssl context > service but maybe fall back to using jdk cacerts file? > Tested putting the root ca cert in cacerts file and in the file pointed to by > nifi.security.truststore but it is still the same error message. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (NIFI-8713) ConsumeJMS and PublishJMS doesn't work over SSL/TLS PKIX path building failed
[ https://issues.apache.org/jira/browse/NIFI-8713?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jul Tomten updated NIFI-8713: - Attachment: image-2021-06-17-12-07-32-920.png > ConsumeJMS and PublishJMS doesn't work over SSL/TLS PKIX path building failed > - > > Key: NIFI-8713 > URL: https://issues.apache.org/jira/browse/NIFI-8713 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Affects Versions: 1.13.2 > Environment: redhat > java sap machine 1.11 > activemq-all-5.15.9.jar >Reporter: Jul Tomten >Priority: Major > Labels: ConsumeJMS, PKIX, SSL, TLS, building, failed, path > Attachments: image-2021-06-16-21-40-53-349.png, > image-2021-06-17-12-07-32-920.png > > > ConsumeJMS and PublichJMS doesn't work over SSL/TLS - error message PKIX > path building failed > > !image-2021-06-16-21-40-53-349.png! > > getJMSQueue putJMSQueue works fine with the same jks file and SSL context > service. > invokeHTTP works fine with the same context service. > I have a root ca that issues the server certificates without intermediate ca. > In the trust store jks there is only one certificate so it's a very simple > setup. > Is there any extra requirements on the jks trsutstore when using ConsumeJMS > or PublishJMS compared to getJMSQueue putJMSQueue ? > > The trust store type in the SSL context service seems to not matter if it is > set to JKS or PKCS12 . > ConsumeJMS or PublishJMS fails both with JKS and PKCS12 > getJMSQueue putJMSQueue works with JKS and PKCS12. > > java keytool lists my trust store as keystore type PKCS12 provider SUN. > I have tested with a keystore of type JKS but it fails with the same error > message. > > activemq-all-5.15.9.jar is used with ConsumeJMS or PublishJMS > getJMSQueue putJMSQueue uses ActiveMQ driver shipped with NiFi > > The activemq-all-5.15.9.jar has been tested in sap po whrere it works fine. > > Tested using the JMS* properties on the processor instead of the connection > factory service JMS context servive but still the same error message. > I guess the ConsumeJMS or PublishJMS doesn't use the specified ssl context > service but maybe fall back to using jdk cacerts file? > Tested putting the root ca cert in cacerts file and in the file pointed to by > nifi.security.truststore but it is still the same error message. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (NIFI-8713) ConsumeJMS and PublishJMS doesn't work over SSL/TLS PKIX path building failed
[ https://issues.apache.org/jira/browse/NIFI-8713?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jul Tomten updated NIFI-8713: - Description: ConsumeJMS and PublichJMS doesn't work over SSL/TLS - error message PKIX path building failed !image-2021-06-16-21-40-53-349.png! getJMSQueue putJMSQueue works fine with the same jks file and SSL context service. invokeHTTP works fine with the same context service. I have a root ca that issues the server certificates without intermediate ca. In the trust store jks there is only one certificate so it's a very simple setup. Is there any extra requirements on the jks trsutstore when using ConsumeJMS or PublishJMS compared to getJMSQueue putJMSQueue ? The trust store type in the SSL context service seems to not matter if it is set to JKS or PKCS12 . ConsumeJMS or PublishJMS fails both with JKS and PKCS12 getJMSQueue putJMSQueue works with JKS and PKCS12. java keytool lists my trust store as keystore type PKCS12 provider SUN. I have tested with a keystore of type JKS but it fails with the same error message. activemq-all-5.15.9.jar is used with ConsumeJMS or PublishJMS getJMSQueue putJMSQueue uses ActiveMQ driver shipped with NiFi The activemq-all-5.15.9.jar has been tested in sap po whrere it works fine. Tested using the JMS* properties on the processor instead of the connection factory service JMS context servive but still the same error message. I guess the ConsumeJMS or PublishJMS doesn't use the specified ssl context service but maybe fall back to using jdk cacerts file? Tested putting the root ca cert in cacerts file and in the file pointed to by nifi.security.truststore but it is still the same error message. was: ConsumeJMS and PublichJMS doesn't work over SSL/TLS - error message PKIX path building failed !image-2021-06-16-21-40-53-349.png! getJMSQueue putJMSQueue works fine with the same jks file and SSL context service. invokeHTTP works fine with the same context service. I have a root ca that issues the server certificates without intermediate ca. In the trust store jks there is only one certificate so it's a very simple setup. Is there any extra requirements on the jks trsutstore when using ConsumeJMS or PublishJMS compared to getJMSQueue putJMSQueue ? The trust store type in the SSL context service seems to not matter if it is set to JKS or PKCS12 . ConsumeJMS or PublishJMS fails both with JKS and PKCS12 getJMSQueue putJMSQueue works with JKS and PKCS12. java keytool lists my trust store as keystore type PKCS12 provider SUN. I have tested with a keystore of type JKS but it fails with the same error message. activemq-all-5.15.9.jar is used with ConsumeJMS or PublishJMS getJMSQueue putJMSQueue uses ActiveMQ driver shipped with NiFi The activemq-all-5.15.9.jar has been tested in sap po whrere it works fine. Tested using the JMS* properties on the processor instead of the connection factory service JMS context servive but still the same error message. I guess the ConsumeJMS or PublishJMS doesn't use the specified ssl context service but maybe fall back to using jdk cacerts file? > ConsumeJMS and PublishJMS doesn't work over SSL/TLS PKIX path building failed > - > > Key: NIFI-8713 > URL: https://issues.apache.org/jira/browse/NIFI-8713 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Affects Versions: 1.13.2 > Environment: redhat > java sap machine 1.11 > activemq-all-5.15.9.jar >Reporter: Jul Tomten >Priority: Major > Labels: ConsumeJMS, PKIX, SSL, TLS, building, failed, path > Attachments: image-2021-06-16-21-40-53-349.png > > > ConsumeJMS and PublichJMS doesn't work over SSL/TLS - error message PKIX > path building failed > > !image-2021-06-16-21-40-53-349.png! > > getJMSQueue putJMSQueue works fine with the same jks file and SSL context > service. > invokeHTTP works fine with the same context service. > I have a root ca that issues the server certificates without intermediate ca. > In the trust store jks there is only one certificate so it's a very simple > setup. > Is there any extra requirements on the jks trsutstore when using ConsumeJMS > or PublishJMS compared to getJMSQueue putJMSQueue ? > > The trust store type in the SSL context service seems to not matter if it is > set to JKS or PKCS12 . > ConsumeJMS or PublishJMS fails both with JKS and PKCS12 > getJMSQueue putJMSQueue works with JKS and PKCS12. > > java keytool lists my trust store as keystore type PKCS12 provider SUN. > I have tested with a keystore of type JKS but it fails with the same error > message. > > activemq-all-5.15.9.jar is used with ConsumeJMS or PublishJMS > getJMSQueue
[jira] [Updated] (NIFI-8713) ConsumeJMS and PublishJMS doesn't work over SSL/TLS PKIX path building failed
[ https://issues.apache.org/jira/browse/NIFI-8713?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jul Tomten updated NIFI-8713: - Description: ConsumeJMS and PublichJMS doesn't work over SSL/TLS - error message PKIX path building failed !image-2021-06-16-21-40-53-349.png! getJMSQueue putJMSQueue works fine with the same jks file and SSL context service. invokeHTTP works fine with the same context service. I have a root ca that issues the server certificates without intermediate ca. In the trust store jks there is only one certificate so it's a very simple setup. Is there any extra requirements on the jks trsutstore when using ConsumeJMS or PublishJMS compared to getJMSQueue putJMSQueue ? The trust store type in the SSL context service seems to not matter if it is set to JKS or PKCS12 . ConsumeJMS or PublishJMS fails both with JKS and PKCS12 getJMSQueue putJMSQueue works with JKS and PKCS12. java keytool lists my trust store as keystore type PKCS12 provider SUN. I have tested with a keystore of type JKS but it fails with the same error message. activemq-all-5.15.9.jar is used with ConsumeJMS or PublishJMS getJMSQueue putJMSQueue uses ActiveMQ driver shipped with NiFi The activemq-all-5.15.9.jar has been tested in sap po whrere it works fine. Tested using the JMS* properties on the processor instead of the connection factory service JMS context servive but still the same error message. I guess the ConsumeJMS or PublishJMS doesn't use the specified ssl context service but maybe fall back to using jdk cacerts file? was: ConsumeJMS and PublichJMS doesn't work over SSL/TLS - error message PKIX path building failed !image-2021-06-16-21-40-53-349.png! getJMSQueue putJMSQueue works fine with the same jks file and SSL context service. invokeHTTP works fine with the same context service. I have a root ca that issues the server certificates without intermediate ca. In the trust store jks there is only one certificate so it's a very simple setup. Is there any extra requirements on the jks trsutstore when using ConsumeJMS or PublishJMS compared to getJMSQueue putJMSQueue ? The trust store type in the SSL context service seems to not matter if it is set to JKS or PKCS12 . ConsumeJMS or PublishJMS faile both with JKS and PKCS12 getJMSQueue putJMSQueue works with JKS and PKCS12. java keytool lists my trust store as keystore type PKCS12 provider SUN. I have tested with a keystore of type JKS but it fails with the same error message. activemq-all-5.15.9.jar is used with ConsumeJMS or PublishJMS getJMSQueue putJMSQueue uses ActiveMQ driver shipped with NiFi The activemq-all-5.15.9.jar has been tested in sap po whrere it works fine. Tested using the JMS* properties on the processor instead of the connection factory service JMS context servive but still the same error message. I guess the ConsumeJMS or PublishJMS doesn't use the specified ssl context service but maybe fall back to using jdk cacerts file? > ConsumeJMS and PublishJMS doesn't work over SSL/TLS PKIX path building failed > - > > Key: NIFI-8713 > URL: https://issues.apache.org/jira/browse/NIFI-8713 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Affects Versions: 1.13.2 > Environment: redhat > java sap machine 1.11 > activemq-all-5.15.9.jar >Reporter: Jul Tomten >Priority: Major > Labels: ConsumeJMS, PKIX, SSL, TLS, building, failed, path > Attachments: image-2021-06-16-21-40-53-349.png > > > ConsumeJMS and PublichJMS doesn't work over SSL/TLS - error message PKIX > path building failed > > !image-2021-06-16-21-40-53-349.png! > > getJMSQueue putJMSQueue works fine with the same jks file and SSL context > service. > invokeHTTP works fine with the same context service. > I have a root ca that issues the server certificates without intermediate ca. > In the trust store jks there is only one certificate so it's a very simple > setup. > Is there any extra requirements on the jks trsutstore when using ConsumeJMS > or PublishJMS compared to getJMSQueue putJMSQueue ? > > The trust store type in the SSL context service seems to not matter if it is > set to JKS or PKCS12 . > ConsumeJMS or PublishJMS fails both with JKS and PKCS12 > getJMSQueue putJMSQueue works with JKS and PKCS12. > > java keytool lists my trust store as keystore type PKCS12 provider SUN. > I have tested with a keystore of type JKS but it fails with the same error > message. > > activemq-all-5.15.9.jar is used with ConsumeJMS or PublishJMS > getJMSQueue putJMSQueue uses ActiveMQ driver shipped with NiFi > > The activemq-all-5.15.9.jar has been tested in sap po whrere it works fine. > > Tested using
[jira] [Updated] (NIFI-8713) ConsumeJMS and PublishJMS doesn't work over SSL/TLS PKIX path building failed
[ https://issues.apache.org/jira/browse/NIFI-8713?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jul Tomten updated NIFI-8713: - Description: ConsumeJMS and PublichJMS doesn't work over SSL/TLS - error message PKIX path building failed !image-2021-06-16-21-40-53-349.png! getJMSQueue putJMSQueue works fine with the same jks file and SSL context service. invokeHTTP works fine with the same context service. I have a root ca that issues the server certificates without intermediate ca. In the trust store jks there is only one certificate so it's a very simple setup. Is there any extra requirements on the jks trsutstore when using ConsumeJMS or PublishJMS compared to getJMSQueue putJMSQueue ? The trust store type in the SSL context service seems to not matter if it is set to JKS or PKCS12 . ConsumeJMS or PublishJMS faile both with JKS and PKCS12 getJMSQueue putJMSQueue works with JKS and PKCS12. java keytool lists my trust store as keystore type PKCS12 provider SUN. I have tested with a keystore of type JKS but it fails with the same error message. activemq-all-5.15.9.jar is used with ConsumeJMS or PublishJMS getJMSQueue putJMSQueue uses ActiveMQ driver shipped with NiFi The activemq-all-5.15.9.jar has been tested in sap po whrere it works fine. Tested using the JMS* properties on the processor instead of the connection factory service JMS context servive but still the same error message. I guess the ConsumeJMS or PublishJMS doesn't use the specified ssl context service but maybe fall back to using jdk cacerts file? was: ConsumeJMS and PublichJMS doesn't work over SSL/TLS - error message PKIX path building failed !image-2021-06-16-21-40-53-349.png! getJMSQueue putJMSQueue works fine with the same jks file and SSL context service. invokeHTTP works fine with the same context service. I have a root ca that issues the server certificates without intermediate ca. In the trust store jks there is only one certificate so it's a very simple setup. Is there any extra requirements on the jks trsutstore when using ConsumeJMS or PublishJMS compared to getJMSQueue putJMSQueue ? The trust store type in the SSL context service seems to not matter if it is set to JKS or PKCS12 . ConsumeJMS or PublishJMS faile both with JKS and PKCS12 getJMSQueue putJMSQueue works with JKS and PKCS12. java keytool lists my trust store as keystore type PKCS12 provider SUN. I have tested with a keystore of type JKS but it fails with the same error message. activemq-all-5.15.9.jar is used with ConsumeJMS or PublishJMS getJMSQueue putJMSQueue uses ActiveMQ driver shipped with NiFi The activemq-all-5.15.9.jar has been tested in sap po whrere it works fine. > ConsumeJMS and PublishJMS doesn't work over SSL/TLS PKIX path building failed > - > > Key: NIFI-8713 > URL: https://issues.apache.org/jira/browse/NIFI-8713 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Affects Versions: 1.13.2 > Environment: redhat > java sap machine 1.11 > activemq-all-5.15.9.jar >Reporter: Jul Tomten >Priority: Major > Labels: ConsumeJMS, PKIX, SSL, TLS, building, failed, path > Attachments: image-2021-06-16-21-40-53-349.png > > > ConsumeJMS and PublichJMS doesn't work over SSL/TLS - error message PKIX > path building failed > > !image-2021-06-16-21-40-53-349.png! > > getJMSQueue putJMSQueue works fine with the same jks file and SSL context > service. > invokeHTTP works fine with the same context service. > I have a root ca that issues the server certificates without intermediate ca. > In the trust store jks there is only one certificate so it's a very simple > setup. > Is there any extra requirements on the jks trsutstore when using ConsumeJMS > or PublishJMS compared to getJMSQueue putJMSQueue ? > > The trust store type in the SSL context service seems to not matter if it is > set to JKS or PKCS12 . > ConsumeJMS or PublishJMS faile both with JKS and PKCS12 > getJMSQueue putJMSQueue works with JKS and PKCS12. > java keytool lists my trust store as keystore type PKCS12 provider SUN. > I have tested with a keystore of type JKS but it fails with the same error > message. > > activemq-all-5.15.9.jar is used with ConsumeJMS or PublishJMS > getJMSQueue putJMSQueue uses ActiveMQ driver shipped with NiFi > > The activemq-all-5.15.9.jar has been tested in sap po whrere it works fine. > > Tested using the JMS* properties on the processor instead of the connection > factory service JMS context servive but still the same error message. > I guess the ConsumeJMS or PublishJMS doesn't use the specified ssl context > service but maybe fall back to using jdk cacerts file? > -- This message
[jira] [Updated] (NIFI-8713) ConsumeJMS and PublishJMS doesn't work over SSL/TLS PKIX path building failed
[ https://issues.apache.org/jira/browse/NIFI-8713?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jul Tomten updated NIFI-8713: - Description: ConsumeJMS and PublichJMS doesn't work over SSL/TLS - error message PKIX path building failed !image-2021-06-16-21-40-53-349.png! getJMSQueue putJMSQueue works fine with the same jks file and SSL context service. invokeHTTP works fine with the same context service. I have a root ca that issues the server certificates without intermediate ca. In the trust store jks there is only one certificate so it's a very simple setup. Is there any extra requirements on the jks trsutstore when using ConsumeJMS or PublishJMS compared to getJMSQueue putJMSQueue ? The trust store type in the SSL context service seems to not matter if it is set to JKS or PKCS12 . ConsumeJMS or PublishJMS faile both with JKS and PKCS12 getJMSQueue putJMSQueue works with JKS and PKCS12. java keytool lists my trust store as keystore type PKCS12 provider SUN. I have tested with a keystore of type JKS but it fails with the same error message. activemq-all-5.15.9.jar is used with ConsumeJMS or PublishJMS getJMSQueue putJMSQueue uses ActiveMQ driver shipped with NiFi The activemq-all-5.15.9.jar has been tested in sap po whrere it works fine. was: ConsumeJMS doesn't work over SSL/TLS PKIX path building failed !image-2021-06-16-21-40-53-349.png! getJMSQueue putJMSQueue works fine with the same jks file and SSL context service. invokeHTTP works fine with the same context service. I have a root ca that issues the server certificates without intermediate ca. In the trust store jks there is only one certificate so it's a very simple setup. Is there any extra requirements on the jks trsutstore when using ConsumeJMS or PublishJMS compared to getJMSQueue putJMSQueue ? The trust store type in the SSL context service seems to not matter if it is set to JKS or PKCS12 . ConsumeJMS or PublishJMS faile both with JKS and PKCS12 getJMSQueue putJMSQueue works with JKS and PKCS12. java keytool lists my trust store as keystore type PKCS12 provider SUN. I have tested with a keystore of type JKS but it fails with the same error message. activemq-all-5.15.9.jar is used with ConsumeJMS or PublishJMS getJMSQueue putJMSQueue uses ActiveMQ driver shipped with NiFi The activemq-all-5.15.9.jar has been tested in sap po whrere it works fine. > ConsumeJMS and PublishJMS doesn't work over SSL/TLS PKIX path building failed > - > > Key: NIFI-8713 > URL: https://issues.apache.org/jira/browse/NIFI-8713 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Affects Versions: 1.13.2 > Environment: redhat > java sap machine 1.11 > activemq-all-5.15.9.jar >Reporter: Jul Tomten >Priority: Major > Labels: ConsumeJMS, PKIX, SSL, TLS, building, failed, path > Attachments: image-2021-06-16-21-40-53-349.png > > > ConsumeJMS and PublichJMS doesn't work over SSL/TLS - error message PKIX > path building failed > > !image-2021-06-16-21-40-53-349.png! > > getJMSQueue putJMSQueue works fine with the same jks file and SSL context > service. > invokeHTTP works fine with the same context service. > I have a root ca that issues the server certificates without intermediate ca. > In the trust store jks there is only one certificate so it's a very simple > setup. > Is there any extra requirements on the jks trsutstore when using ConsumeJMS > or PublishJMS compared to getJMSQueue putJMSQueue ? > > The trust store type in the SSL context service seems to not matter if it is > set to JKS or PKCS12 . > ConsumeJMS or PublishJMS faile both with JKS and PKCS12 > getJMSQueue putJMSQueue works with JKS and PKCS12. > java keytool lists my trust store as keystore type PKCS12 provider SUN. > I have tested with a keystore of type JKS but it fails with the same error > message. > > activemq-all-5.15.9.jar is used with ConsumeJMS or PublishJMS > getJMSQueue putJMSQueue uses ActiveMQ driver shipped with NiFi > > The activemq-all-5.15.9.jar has been tested in sap po whrere it works fine. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (NIFI-8713) ConsumeJMS and PublishJMS doesn't work over SSL/TLS PKIX path building failed
[ https://issues.apache.org/jira/browse/NIFI-8713?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jul Tomten updated NIFI-8713: - Description: ConsumeJMS doesn't work over SSL/TLS PKIX path building failed !image-2021-06-16-21-40-53-349.png! getJMSQueue putJMSQueue works fine with the same jks file and SSL context service. invokeHTTP works fine with the same context service. I have a root ca that issues the server certificates without intermediate ca. In the trust store jks there is only one certificate so it's a very simple setup. Is there any extra requirements on the jks trsutstore when using ConsumeJMS or PublishJMS compared to getJMSQueue putJMSQueue ? The trust store type in the SSL context service seems to not matter if it is set to JKS or PKCS12 . ConsumeJMS or PublishJMS faile both with JKS and PKCS12 getJMSQueue putJMSQueue works with JKS and PKCS12. java keytool lists my trust store as keystore type PKCS12 provider SUN. I have tested with a keystore of type JKS but it fails with the same error message. activemq-all-5.15.9.jar is used with ConsumeJMS or PublishJMS getJMSQueue putJMSQueue uses ActiveMQ driver shipped with NiFi The activemq-all-5.15.9.jar has been tested in sap po whrere it works fine. was: ConsumeJMS doesn't work over SSL/TLS PKIX path building failed !image-2021-06-16-21-40-53-349.png! getJMSQueue putJMSQueue works fine with the same jks file and SSL context service. invokeHTTP works fine with the same context service. I have a root ca that issues the server certificates without intermediate ca. In the trust store jks there is only one certificate so it's a very simple setup. Is there any extra requirements on the jks trsutstore when using ConsumeJMS or PublishJMS compared to getJMSQueue putJMSQueue ? The trust store type in the SSL context service seems to not matter if it is set to JKS or PKCS12 . ConsumeJMS or PublishJMS faile both with JKS and PKCS12 getJMSQueue putJMSQueue works with JKS and PKCS12. java keytool lists my trust store as keystore type PKCS12 provider SUN. activemq-all-5.15.9.jar is used with ConsumeJMS or PublishJMS getJMSQueue putJMSQueue uses ActiveMQ driver shipped with NiFi > ConsumeJMS and PublishJMS doesn't work over SSL/TLS PKIX path building failed > - > > Key: NIFI-8713 > URL: https://issues.apache.org/jira/browse/NIFI-8713 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Affects Versions: 1.13.2 > Environment: redhat > java sap machine 1.11 > activemq-all-5.15.9.jar >Reporter: Jul Tomten >Priority: Major > Labels: ConsumeJMS, PKIX, SSL, TLS, building, failed, path > Attachments: image-2021-06-16-21-40-53-349.png > > > ConsumeJMS doesn't work over SSL/TLS PKIX path building failed > > !image-2021-06-16-21-40-53-349.png! > > getJMSQueue putJMSQueue works fine with the same jks file and SSL context > service. > invokeHTTP works fine with the same context service. > I have a root ca that issues the server certificates without intermediate ca. > In the trust store jks there is only one certificate so it's a very simple > setup. > Is there any extra requirements on the jks trsutstore when using ConsumeJMS > or PublishJMS compared to getJMSQueue putJMSQueue ? > > The trust store type in the SSL context service seems to not matter if it is > set to JKS or PKCS12 . > ConsumeJMS or PublishJMS faile both with JKS and PKCS12 > getJMSQueue putJMSQueue works with JKS and PKCS12. > java keytool lists my trust store as keystore type PKCS12 provider SUN. > I have tested with a keystore of type JKS but it fails with the same error > message. > > activemq-all-5.15.9.jar is used with ConsumeJMS or PublishJMS > getJMSQueue putJMSQueue uses ActiveMQ driver shipped with NiFi > > The activemq-all-5.15.9.jar has been tested in sap po whrere it works fine. -- This message was sent by Atlassian Jira (v8.3.4#803005)