Hi JB, I got my issue resolved by using the key tool command within our docker image for dataflow and adding our root and issuing cert there. I do have a question on the mTLS, have you been able to implement any application in data flow or beam using mTLS ? For Albertsons I know it’s coming down the road but not quite yet so I’d like to just be prepared!
Thank you Zack Sent from my iPhone > On Jan 23, 2026, at 5:29 AM, Jean-Baptiste Onofré <[email protected]> wrote: > > Hi Zack, > > I did that in the past (using Bean and ActiveMQ with dataflow runner). > > I didn't use mutual authentication (I used one way SSL), and disabled > verifyHostName on the client side (it's not enabled by default on broker > side). > I used a self signed key, in case of a chain, you may need to update > cacerts or truststore. > > Regards > JB > > >> On Wed, Jan 21, 2026 at 1:29 AM Zack Culberson <[email protected]> >> wrote: >> >> Hi all, >> >> Has anyone connected to ActiveMq from Dataflow ? We currently are facing >> some issues related to certificates. When it tries to connect to our >> brokers through ssl we get PKIX path building failed. >> sun.security.provider.certpath.SunCertPathBuilderException: unable to find >> valid certification path to requested target. Currently in Dataflow I have >> a JVMInitializer that will download our truststore.jks file that has the >> root and server cert for our broker and store it into the /tmp folder on >> the worker. I then use the ActiveMQSslConnectionFactory and set the >> truststore location and password within those apis. But it still fails with >> the above error. I have added debugging to insure the jks file is >> downloaded which it is is there other things I could try or need to do ? >> >> Thank you, >> Zack >> --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] For further information, visit: https://activemq.apache.org/contact
