Hey All,

Wanted to check in and see if anybody had a chance to look at this.

Thanks in advance for the help!

Best,
Jonah.

On Fri, Feb 9, 2018 at 5:20 PM, Jonah Husson <jo...@optimusride.com> wrote:

> Hey All,
>
> Figured I'd shoot off an email before looking into issue reporting, in
> case this is a product of my own stupidity rather than an actual bug.
>
> I'm trying to get MiNiFi communicating with a NiFi cluster on an internal
> network running with SSL.  I'm able to connect to NiFi from a web browser
> after importing the correct certificates, but attempting to actually
> transfer a file with minifi produces the following result:
>
> [2018-02-09 15:45:55.136] [main] [info] MiNiFi started
> [2018-02-09 15:45:57.923] [org::apache::nifi::minifi::processors::GetFile]
> [info] GetFile process /home/jonah/optimus/data/
> dynamic/ready_logs/testcopy2.txt
> [2018-02-09 15:45:58.339] [org::apache::nifi::minifi::utils::HTTPClient]
> [debug] Setting callback for
> [2018-02-09 15:45:58.401] [org::apache::nifi::minifi::core::ProcessSession]
> [info] Transferring 3b086abc-0dda-11e8-ab09-c85b769e9522 from GetFile to
> relationship success
> [2018-02-09 15:45:58.438] 
> [org::apache::nifi::minifi::RemoteProcessorGroupPort]
> [debug] Refreshing the peer list since there are none configured.
> [2018-02-09 15:45:58.439] [org::apache::nifi::minifi::utils::HTTPClient]
> [debug] https://rs0.internal.optimusride.com:9093/nifi-api/site-to-site
> is a secure url
> [2018-02-09 15:45:58.439] [org::apache::nifi::minifi::utils::HTTPClient]
> [debug] Submitting to https://rs0.internal.optimusride.com:9093/nifi-api/
> site-to-site
> [2018-02-09 15:45:58.553] [org::apache::nifi::minifi::utils::HTTPClient]
> [error] curl_easy_perform() failed Peer certificate cannot be authenticated
> with given CA certificates
>
> [2018-02-09 15:45:58.553] 
> [org::apache::nifi::minifi::RemoteProcessorGroupPort]
> [error] ProcessGroup::refreshRemoteSite2SiteInfo -- curl_easy_perform()
> failed
>
> [2018-02-09 15:45:58.553] 
> [org::apache::nifi::minifi::RemoteProcessorGroupPort]
> [debug] Obtained protocol from available_protocols_
> [2018-02-09 15:45:58.553] 
> [org::apache::nifi::minifi::RemoteProcessorGroupPort]
> [info] no protocol, yielding
> [2018-02-09 15:46:01.541] [org::apache::nifi::minifi::utils::HTTPClient]
> [debug] Setting callback for
> [2018-02-09 15:46:02.701] [org::apache::nifi::minifi::FlowController]
> [info] Stop Flow Controller
> [2018-02-09 15:46:04.748] [org::apache::nifi::minifi::utils::HTTPClient]
> [debug] Setting callback for
> [2018-02-09 15:46:05.137] [org::apache::nifi::minifi::FlowController]
> [info] Unload Flow Controller
> [2018-02-09 15:46:05.137] [main] [info] MiNiFi exit
>
> I'm not entirely sure what I'm doing wrong here, I'm fairly sure my
> certificate setup is fine.  NiFi's keystore has a cert/private key signed
> by a CA i self-signed and created locally, it's truststore has the public
> key that corresponds to the client certificate and private key on MiNiFi,
> and MiNiFi has the certificate used to sign the one in NiFi's keystore.
>
> The best guess I have stems from the fact that the log message <url> is a
> secure url occurs, but the message that configure_secure_connection(CURL
> *http_session) should play if it runs doesn't come up, which leads me to
> beleive that ssl_context_service_ isn't initialized properly for some
> reason (see line 129 in /extensions/http-curl/HTTPClient.cpp, only place
> I see either of those methods called).
>
> Let me know if you have any insight on this, frankly I haven't found much
> documentation on the SSL setup for MiNiFi at all, so it's totally possible
> I did something horribly wrong there.  I'd also be happy to make a bug
> report if y'all think this warrants one.
>
> Best,
> Jonah.
>

Reply via email to