Anishkumar, I have answered this with some potential solutions here [1]. If you can provide more information about the current configuration (your nifi.properties file, keytool output of your keystores and truststores, etc.) we can provide more assistance.
[1] http://stackoverflow.com/a/43190068/70465 Andy LoPresto [email protected] [email protected] PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > On Mar 31, 2017, at 7:01 PM, Anishkumar Valsalam > <[email protected]> wrote: > > I am trying to configure the 3node secured Nifi cluster setup by followinng > the below > Link > <https://pierrevillard.com/2016/11/29/apache-nifi-1-1-0-secured-cluster-setup/> > . > > But between nodes the connection not happened after enabled SSL/LDAP and i > am getting the below error. > > > 2017-04-01 09:05:47,494 WARN [Clustering Tasks Thread-2] > o.apache.nifi.controller.FlowController Failed to send heartbeat due to: > org.apache.nifi.cluster.protocol.ProtocolException: Failed marshalling > 'HEARTBEAT' protocol message due to: javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target > 2017-04-01 09:05:47,494 ERROR [Process Cluster Protocol Request-7] > o.a.nifi.security.util.CertificateUtils The incoming request did not contain > client certificates and thus the DN cannot be extracted. Check that the > other endpoint is providing a complete client certificate chain > 2017-04-01 09:05:47,494 WARN [Process Cluster Protocol Request-7] > o.a.n.c.p.impl.SocketProtocolListener Failed processing protocol message > from HKLPATHAS02.hk.standardchartered.com due to > org.apache.nifi.cluster.protocol.ProtocolException: > java.security.cert.CertificateException: > javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated > org.apache.nifi.cluster.protocol.ProtocolException: > java.security.cert.CertificateException: > javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated > at > org.apache.nifi.cluster.protocol.impl.SocketProtocolListener.getRequestorDN(SocketProtocolListener.java:221) > ~[nifi-framework-cluster-protocol-1.1.0.2.1.1.0-2.jar:1.1.0.2.1.1.0-2] > at > org.apache.nifi.cluster.protocol.impl.SocketProtocolListener.dispatchRequest(SocketProtocolListener.java:133) > ~[nifi-framework-cluster-protocol-1.1.0.2.1.1.0-2.jar:1.1.0.2.1.1.0-2] > at > org.apache.nifi.io.socket.SocketListener$2$1.run(SocketListener.java:136) > [nifi-socket-utils-1.1.0.2.1.1.0-2.jar:1.1.0.2.1.1.0-2] > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > [na:1.8.0_102] > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > [na:1.8.0_102] > at java.lang.Thread.run(Thread.java:745) [na:1.8.0_102] > Caused by: java.security.cert.CertificateException: > javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated > at > org.apache.nifi.security.util.CertificateUtils.extractPeerDNFromClientSSLSocket(CertificateUtils.java:306) > ~[nifi-security-utils-1.1.0.2.1.1.0-2.jar:1.1.0.2.1.1.0-2] > at > org.apache.nifi.security.util.CertificateUtils.extractPeerDNFromSSLSocket(CertificateUtils.java:261) > ~[nifi-security-utils-1.1.0.2.1.1.0-2.jar:1.1.0.2.1.1.0-2] > at > org.apache.nifi.cluster.protocol.impl.SocketProtocolListener.getRequestorDN(SocketProtocolListener.java:219) > ~[nifi-framework-cluster-protocol-1.1.0.2.1.1.0-2.jar:1.1.0.2.1.1.0-2] > ... 5 common frames omitted > Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated > at > sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431) > ~[na:1.8.0_102] > at > org.apache.nifi.security.util.CertificateUtils.extractPeerDNFromClientSSLSocket(CertificateUtils.java:291) > ~[nifi-security-utils-1.1.0.2.1.1.0-2.jar:1.1.0.2.1.1.0-2] > ... 7 common frames omitted > > > > -- > View this message in context: > http://apache-nifi-developer-list.39713.n7.nabble.com/Secured-Nifi-Cluster-Setup-tp15334.html > Sent from the Apache NiFi Developer List mailing list archive at Nabble.com.
signature.asc
Description: Message signed with OpenPGP using GPGMail
