Guys, I re-created a new user certificate to match the hostname and made changes
as well in nifi properties, giving the same hostname as in the CN, but I am still
stuck with the same :(

Please check below the nifi log

Client - hdp-dev-n3
2016-07-15 01:36:02,798 ERROR [Site-to-Site Worker Thread-40]
o.a.n.r.io.socket.ssl.SSLSocketChannel
org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel@1e236c9c Failed to
connect due to {}
java.io.IOException: Connection reset by peer
        at sun.nio.ch.FileDispatcherImpl.read0(Native Method) ~[na:1.8.0_91]
        at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39)
~[na:1.8.0_91]
        at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223) 
~[na:1.8.0_91]
        at sun.nio.ch.IOUtil.read(IOUtil.java:197) ~[na:1.8.0_91]
        at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:380)
~[na:1.8.0_91]
        at
org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel.readData(SSLSocketChannel.java:305)
~[nifi-utils-0.6.1.jar:0.6.1]
        at
org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel.performHandshake(SSLSocketChannel.java:239)
~[nifi-utils-0.6.1.jar:0.6.1]
        at
org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel.connect(SSLSocketChannel.java:160)
~[nifi-utils-0.6.1.jar:0.6.1]
        at
org.apache.nifi.remote.SocketRemoteSiteListener$1$1.run(SocketRemoteSiteListener.java:155)
[nifi-site-to-site-0.6.1.jar:0.6.1]
        at java.lang.Thread.run(Thread.java:745) [na:1.8.0_91]
2016-07-15 01:36:02,798 ERROR [Site-to-Site Worker Thread-40]
o.a.nifi.remote.SocketRemoteSiteListener RemoteSiteListener Unable to accept
connection from Socket[unconnected] due to javax.net.ssl.SSLException:
Inbound closed before receiving peer's close_notify: possible truncation
attack?
2016-07-15 01:36:14,316 WARN [Remote Process Group
30bf2378-fff5-4154-9484-67042e723dce: https://ambari-srv-dev:8686/nifi
Thread-1] o.a.n.remote.StandardRemoteProcessGroup Unable to connect to
RemoteProcessGroup[https://ambari-srv-dev:8686/nifi] due to
com.sun.jersey.api.client.ClientHandlerException: java.io.IOException: HTTPS
hostname wrong:  should be <ambari-srv-dev>



Server - ambari-srv-dev
2016-07-15 01:34:27,403 ERROR [Site-to-Site Worker Thread-17]
o.a.nifi.remote.SocketRemoteSiteListener RemoteSiteListener Unable to accept
connection from Socket[unconnected] due to javax.net.ssl.SSLException:
Inbound closed before receiving peer's close_notify: possible truncation
attack?
2016-07-15 01:34:52,736 ERROR [Site-to-Site Worker Thread-18]
o.a.n.r.io.socket.ssl.SSLSocketChannel
org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel@4ff98d27 Failed to
connect due to {}
java.io.IOException: Connection reset by peer
        at sun.nio.ch.FileDispatcherImpl.read0(Native Method) ~[na:1.8.0_91]
        at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39)
~[na:1.8.0_91]
        at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223) 
~[na:1.8.0_91]
        at sun.nio.ch.IOUtil.read(IOUtil.java:197) ~[na:1.8.0_91]
        at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:380)
~[na:1.8.0_91]
        at
org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel.readData(SSLSocketChannel.java:305)
~[nifi-utils-0.6.1.jar:0.6.1]
        at
org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel.performHandshake(SSLSocketChannel.java:239)
~[nifi-utils-0.6.1.jar:0.6.1]
        at
org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel.connect(SSLSocketChannel.java:160)
~[nifi-utils-0.6.1.jar:0.6.1]
        at
org.apache.nifi.remote.SocketRemoteSiteListener$1$1.run(SocketRemoteSiteListener.java:155)
[nifi-site-to-site-0.6.1.jar:0.6.1]
        at java.lang.Thread.run(Thread.java:745) [na:1.8.0_91]
2016-07-15 01:34:52,736 ERROR [Site-to-Site Worker Thread-18]
o.a.nifi.remote.SocketRemoteSiteListener RemoteSiteListener Unable to accept
connection from Socket[unconnected] due to javax.net.ssl.SSLException:
Inbound closed before receiving peer's close_notify: possible truncation
attack?



My further questions:

1. Should the CN of the "Issued By" be the same as that of "Issued To"?
2. I assume "nifi.remote.input.socket.host" should hold the hostname of the
remote server NiFi tries to connect to, in my case 'ambari-srv-dev'.


Regards,
Vinay




--
View this message in context: 
http://apache-nifi-developer-list.39713.n7.nabble.com/NIFI-Secure-Access-Site-to-Site-tp12735p12815.html
Sent from the Apache NiFi Developer List mailing list archive at Nabble.com.
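
Added example, not part of the original message and not NiFi or JDK code: a simplified model of the hostname check behind the "HTTPS hostname wrong" line in the client log, which compares the host in the Remote Process Group URL with the names in the certificate the server presents. The certificate contents and the example.internal domain are constructed assumptions.

```python
# Simplified RFC 2818-style hostname check (added example, assumptions labelled).
# Certificate dicts follow the shape returned by ssl.SSLSocket.getpeercert().
from urllib.parse import urlsplit


def cert_names(cert):
    """Names a client compares against: SAN dNSName entries, or the
    subject CN only when the certificate has no dNSName SAN."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v.lower() for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]


def name_matches(pattern, host):
    """Exact match, or a '*' standing for the whole leftmost label."""
    p_labels, h_labels = pattern.split("."), host.split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def check_url_against_cert(url, cert):
    """Return (ok, host, names); the issuer field is never consulted."""
    host = (urlsplit(url).hostname or "").lower()
    names = cert_names(cert)
    return any(name_matches(n, host) for n in names), host, names


# Constructed sample certificates (illustrative values, not from the post).
CERT_SHORT_NAME = {
    "subject": ((("commonName", "ambari-srv-dev"),),),
    "issuer": ((("commonName", "Example Internal CA"),),),
}
CERT_FQDN_ONLY = {
    "subject": ((("commonName", "ambari-srv-dev.example.internal"),),),
    "issuer": ((("commonName", "Example Internal CA"),),),
    "subjectAltName": (("DNS", "ambari-srv-dev.example.internal"),),
}

if __name__ == "__main__":
    url = "https://ambari-srv-dev:8686/nifi"  # URL as it appears in the log
    for label, cert in (("short", CERT_SHORT_NAME), ("fqdn", CERT_FQDN_ONLY)):
        ok, host, names = check_url_against_cert(url, cert)
        print(f"{label}: host={host} cert names={names} match={ok}")
```
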
