[jira] [Resolved] (NIFI-1479) Catch PKIX CertPathValidatorException and provide better error messaging

Thu, 04 Feb 2016 19:11:11 -0800 

     [ 
https://issues.apache.org/jira/browse/NIFI-1479?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andy LoPresto resolved NIFI-1479.
---------------------------------
       Resolution: Fixed
    Fix Version/s: 0.5.0

This is resolved with PR 201, and new documentation is available in the Admin 
Guide. 

> Catch PKIX CertPathValidatorException and provide better error messaging
> ------------------------------------------------------------------------
>
>                 Key: NIFI-1479
>                 URL: https://issues.apache.org/jira/browse/NIFI-1479
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework
>    Affects Versions: 0.5.0
>            Reporter: Andy LoPresto
>            Assignee: Andy LoPresto
>              Labels: certificate, security, tls
>             Fix For: 0.5.0
>
>
> Users often encounter an exception when validating certificates which is 
> poorly worded and confusing:
> {code}
> ./nifi-app.log:2016-01-06 08:06:38,637 ERROR [Timer-Driven Process Thread-6] 
> o.a.nifi.processors.standard.InvokeHTTP 
> InvokeHTTP[id=c75d8a02-3a6a-3c72-a086-ca0ace77fd62] Routing to Failure due to 
> exception: javax.net.ssl.SSLHandshakeException: 
> sun.security.validator.ValidatorException: PKIX path building failed: 
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
> valid certification path to requested target: 
> javax.net.ssl.SSLHandshakeException: 
> sun.security.validator.ValidatorException: PKIX path building failed: 
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
> valid certification path to requested target
> {code}
> Due to phrases like "PKIX path building failed" and "unable to find valid 
> certification path to requested target", users often believe this is a file 
> path issue and that NiFi cannot locate the truststore. However, the issue is 
> actually that no *certificate validation* "path" can be constructed -- i.e. 
> NiFi cannot find a chain between the certificate being validated and any 
> trusted CA certificate that has signed it (or intermediaries). 
> This exception should be caught and a more explicative error message should 
> be displayed, with suggestions for how to resolve this issue (usually 
> importing the custom CA certificate or self-signed certificate into the 
> truststore). 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to