All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why am I getting certificate errors trying to configure the Splunk Add-on for JMX with the Splunk Add-on for Jboss?

jmallorquin
Builder
‎12-22-2015 08:17 AM

Hi,

We are trying to set up the Splunk Add-on for JMX (3.1.0) with the Splunk Add-on for Jboss (1.0.0). However, after all processes for configuration, we have this error from index _internal

It looks like the problem is for the certificate, any one have this issue?

    2015-12-22 17:08:20,004 - org.xnio.listener -1090361 [Remoting "endpoint" write-1] ERROR - A channel event listener threw an exception java.lang.RuntimeException: Unexpected error:
java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at
sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1407) at
sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535) at
sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1214) at
sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1186) at
javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469) at
org.xnio.ssl.JsseConnectedSslStreamChannel.wrap(JsseConnectedSslStreamChannel.java:255) at
org.xnio.ssl.JsseConnectedSslStreamChannel.write(JsseConnectedSslStreamChannel.java:238) at
org.xnio.ssl.JsseConnectedSslStreamChannel.write(JsseConnectedSslStreamChannel.java:197) at
org.xnio.channels.FramedMessageChannel.doFlushBuffer(FramedMessageChannel.java:302) at
org.xnio.channels.FramedMessageChannel.flushAction(FramedMessageChannel.java:282) at
org.xnio.channels.TranslatingSuspendableChannel.flush(TranslatingSuspendableChannel.java:604) at
org.jboss.remoting3.remote.RemoteConnection$RemoteWriteListener.handleEvent(RemoteConnection.java:239) at
org.jboss.remoting3.remote.RemoteConnection$RemoteWriteListener.handleEvent(RemoteConnection.java:214) at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72) at
org.xnio.channels.TranslatingSuspendableChannel.handleWritable(TranslatingSuspendableChannel.java:243) at
org.xnio.channels.TranslatingSuspendableChannel$2.handleEvent(TranslatingSuspendableChannel.java:113) at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72) at
org.xnio.channels.TranslatingSuspendableChannel.handleWritable(TranslatingSuspendableChannel.java:243) at
org.xnio.channels.TranslatingSuspendableChannel$2.handleEvent(TranslatingSuspendableChannel.java:113) at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72) at
org.xnio.nio.NioHandle.run(NioHandle.java:90) at
org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:219) at
org.xnio.nio.WorkerThread.run(WorkerThread.java:132) Caused by: java.lang.RuntimeException:
Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:90) at
sun.security.validator.Validator.getInstance(Validator.java:179) at
sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:312) at
sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:171) at
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:239) at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1465) at
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212) at
sun.security.ssl.Handshaker.processLoop(Handshaker.java:957) at
sun.security.ssl.Handshaker$1.run(Handshaker.java:897) at
sun.security.ssl.Handshaker$1.run(Handshaker.java:894) at
java.security.AccessController.doPrivileged(Native Method) at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1347) at
org.xnio.ssl.JsseConnectedSslStreamChannel.handleHandshake(JsseConnectedSslStreamChannel.java:425) at
org.xnio.ssl.JsseConnectedSslStreamChannel.write(JsseConnectedSslStreamChannel.java:242) ... 16 more Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200) at
java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120) at
java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104) at
sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:88)

2015-12-22 17:08:20,009 - com.splunk.modinput.ModularInput -1090366 [Thread-2] ERROR - JBREM000202: Abrupt close on Remoting connection 306f44cd to xxxxx.xxxxxxxx/xx.x.xx.xxx:10699

Thanks for any help.

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎12-22-2015 09:00 AM

Did you search the interwebs for the error?

the trustAnchors parameter must be non-empty at

Seems fairly common:

http://stackoverflow.com/questions/6784463/error-trustanchors-parameter-must-be-non-empty/25188331

Looks like it has to do with your truststore setup. This document mentions it a few times and relates to WAS.

http://docs.splunk.com/Documentation/WAS/latest/InstallGuide/InstalltheSplunkFAAdd-on

Reply

jmallorquin
Builder
‎12-23-2015 12:45 AM

I downvoted this post because not related to the question

0 Karma
Reply

jcoates_splunk
Splunk Employee
Splunk Employee
‎01-16-2016 03:27 PM

I think jkat54 is right -- JBOSS vs WAS makes little difference in this case. Feel free to open a ticket for more investigation though.

0 Karma
Reply

jmallorquin
Builder
‎12-22-2015 09:25 AM

Hi,

we use the jmx addon with the jboss addon, no th whebsphere.

Thanks,

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎12-23-2015 06:38 AM

does this help?

I had the InvalidAlgorithmParameterException error on a hosted jira server that I had previously set up for SSL-only access. The issue was that I had set up my keystore in the PKCS#12 format, but my truststore was in the JKS format. In my case, I had edited my server.xml file to specify the keystoreType to PKCS, but did not specify the truststoreType, so it defaults to whatever the keystoreType is. Specifying the truststoreType explicitly as JKS solved it for me.

or this?

This bizarre message means that the truststore you specified was not found, or couldn't be opened due to access permissions for example.
Reply

jkat54
SplunkTrust
SplunkTrust
‎12-23-2015 06:36 AM

OK so you're telling me you don't have a truststore?

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...