Hey All, Wanted to check in and see if anybody had a chance to look at this.
Thanks in advance for the help! Best, Jonah. On Fri, Feb 9, 2018 at 5:20 PM, Jonah Husson <[email protected]> wrote: > Hey All, > > Figured I'd shoot off an email before looking into issue reporting, in > case this is a product of my own stupidity rather than an actual bug. > > I'm trying to get MiNiFi communicating with a NiFi cluster on an internal > network running with SSL. I'm able to connect to NiFi from a web browser > after importing the correct certificates, but attempting to actually > transfer a file with minifi produces the following result: > > [2018-02-09 15:45:55.136] [main] [info] MiNiFi started > [2018-02-09 15:45:57.923] [org::apache::nifi::minifi::processors::GetFile] > [info] GetFile process /home/jonah/optimus/data/ > dynamic/ready_logs/testcopy2.txt > [2018-02-09 15:45:58.339] [org::apache::nifi::minifi::utils::HTTPClient] > [debug] Setting callback for > [2018-02-09 15:45:58.401] [org::apache::nifi::minifi::core::ProcessSession] > [info] Transferring 3b086abc-0dda-11e8-ab09-c85b769e9522 from GetFile to > relationship success > [2018-02-09 15:45:58.438] > [org::apache::nifi::minifi::RemoteProcessorGroupPort] > [debug] Refreshing the peer list since there are none configured. > [2018-02-09 15:45:58.439] [org::apache::nifi::minifi::utils::HTTPClient] > [debug] https://rs0.internal.optimusride.com:9093/nifi-api/site-to-site > is a secure url > [2018-02-09 15:45:58.439] [org::apache::nifi::minifi::utils::HTTPClient] > [debug] Submitting to https://rs0.internal.optimusride.com:9093/nifi-api/ > site-to-site > [2018-02-09 15:45:58.553] [org::apache::nifi::minifi::utils::HTTPClient] > [error] curl_easy_perform() failed Peer certificate cannot be authenticated > with given CA certificates > > [2018-02-09 15:45:58.553] > [org::apache::nifi::minifi::RemoteProcessorGroupPort] > [error] ProcessGroup::refreshRemoteSite2SiteInfo -- curl_easy_perform() > failed > > [2018-02-09 15:45:58.553] > [org::apache::nifi::minifi::RemoteProcessorGroupPort] > [debug] Obtained protocol from available_protocols_ > [2018-02-09 15:45:58.553] > [org::apache::nifi::minifi::RemoteProcessorGroupPort] > [info] no protocol, yielding > [2018-02-09 15:46:01.541] [org::apache::nifi::minifi::utils::HTTPClient] > [debug] Setting callback for > [2018-02-09 15:46:02.701] [org::apache::nifi::minifi::FlowController] > [info] Stop Flow Controller > [2018-02-09 15:46:04.748] [org::apache::nifi::minifi::utils::HTTPClient] > [debug] Setting callback for > [2018-02-09 15:46:05.137] [org::apache::nifi::minifi::FlowController] > [info] Unload Flow Controller > [2018-02-09 15:46:05.137] [main] [info] MiNiFi exit > > I'm not entirely sure what I'm doing wrong here, I'm fairly sure my > certificate setup is fine. NiFi's keystore has a cert/private key signed > by a CA i self-signed and created locally, it's truststore has the public > key that corresponds to the client certificate and private key on MiNiFi, > and MiNiFi has the certificate used to sign the one in NiFi's keystore. > > The best guess I have stems from the fact that the log message <url> is a > secure url occurs, but the message that configure_secure_connection(CURL > *http_session) should play if it runs doesn't come up, which leads me to > beleive that ssl_context_service_ isn't initialized properly for some > reason (see line 129 in /extensions/http-curl/HTTPClient.cpp, only place > I see either of those methods called). > > Let me know if you have any insight on this, frankly I haven't found much > documentation on the SSL setup for MiNiFi at all, so it's totally possible > I did something horribly wrong there. I'd also be happy to make a bug > report if y'all think this warrants one. > > Best, > Jonah. >
