Andy,

Thanks for your reply.

>> and a truststore that contains the other instance’s public key (or the
>> public key of the CA that signed it)

I am not able to understand the above step as to how to create it; can you guide me with a sample configuration as an example?

Below is the error I get when I tried the above step:

2016-07-10 03:33:19,173 WARN [Remote Process Group 6430cef9-96fd-4230-8c77-247162add9ec: https://xx.xx.xx.xx:6677/nifi Thread-1] o.a.n.remote.StandardRemoteProcessGroup Unable to connect to RemoteProcessGroup[https://xx.xx.xx.xx:6677/nifi] due to com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
2016-07-10 03:33:28,634 ERROR [Site-to-Site Worker Thread-0] o.a.n.r.io.socket.ssl.SSLSocketChannel org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel@4d967ab6 Failed to connect due to {}
java.io.IOException: Connection reset by peer
    at sun.nio.ch.FileDispatcherImpl.read0(Native Method) ~[na:1.8.0_91]
    at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39) ~[na:1.8.0_91]
    at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223) ~[na:1.8.0_91]
    at sun.nio.ch.IOUtil.read(IOUtil.java:197) ~[na:1.8.0_91]
    at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:380) ~[na:1.8.0_91]
    at org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel.readData(SSLSocketChannel.java:305) ~[nifi-utils-0.6.1.jar:0.6.1]
    at org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel.performHandshake(SSLSocketChannel.java:239) ~[nifi-utils-0.6.1.jar:0.6.1]
    at org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel.connect(SSLSocketChannel.java:160) ~[nifi-utils-0.6.1.jar:0.6.1]
    at org.apache.nifi.remote.SocketRemoteSiteListener$1$1.run(SocketRemoteSiteListener.java:155) [nifi-site-to-site-0.6.1.jar:0.6.1]
    at java.lang.Thread.run(Thread.java:745) [na:1.8.0_91]
2016-07-10 03:33:28,635 ERROR [Site-to-Site Worker Thread-0] o.a.nifi.remote.SocketRemoteSiteListener RemoteSiteListener Unable to accept connection from Socket[unconnected] due to javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?

I feel I am making a mistake in adding the public key to the truststore.

Regards,
Vinay

--
View this message in context: http://apache-nifi-developer-list.39713.n7.nabble.com/NIFI-Secure-Access-Site-to-Site-tp12735p12746.html
Sent from the Apache NiFi Developer List mailing list archive at Nabble.com.
