The illegal key size error is almost certainly due to the length of the keystore/truststore password, but the ideal solution is not to decrease the password length, but rather to either install the Unlimited Strength Jurisdiction Policy files if possible, and/or switch to using a JKS keystore rather than PKCS12. PKCS12 without the USJ policies limit the keystore password length to 7 characters, which is *not* sufficiently strong against modern computing capability.
Andy LoPresto [email protected] [email protected] PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > On Jan 9, 2017, at 11:43 AM, bmichaud <[email protected]> wrote: > > Aldrin Piri wrote >> Currently, NIFI_HOME is determined via the physical location of the script >> and thus the reason why it is picking up the other path. Typically, the >> bin directory is not one that is suggested to be configured external to >> the >> distribution in the interest of facilitating upgrade processes. > > I can see that in the nifi.sh script. > > > Aldrin Piri wrote >> I see throughout the logs and final stacktrace that the path >> /app_2/software/nifi/nifi-1.1.0/ is listed, but do not see that in either >> of the listings you provided. Could you please provide how that >> relates to /app_2/software/nifi/latest? >> Another symlink? > > Yes, "latest" is a symlink pointing to the latest nifi-1.*.* directory > installed in the /app_2/software/nifi directory. > > > Aldrin Piri wrote >> Does explicitly setting your NIFI_HOME (/app_2/runtime/nifi) in >> nifi-env.sh >> resolve this issue for you? > > I did not try that, but, when I tried to change the nifi.sh to take the > PHYS_DIR variable to be the dirname of $0, but that did not work. However, > my current work-around is to have a copy of the bin directory in the > runtime/nifi directory. > > I would prefer not to do this, as it does make upgrades messier, but I am > currently more concerned about the next error I got: > > InvalidKeyException: Illegal key size > > and I am trying to resolve that with a smaller password on my keystore and > truststore files. (https://issues.apache.org/jira/browse/NIFI-3062) > > > > > > -- > View this message in context: > http://apache-nifi-developer-list.39713.n7.nabble.com/NiFi-cannot-start-due-to-log-permissions-error-tp14413p14416.html > Sent from the Apache NiFi Developer List mailing list archive at Nabble.com.
signature.asc
Description: Message signed with OpenPGP using GPGMail
