Jonah With your email address bcc. You had two quick replies right after sending. I had to moderate this through. Please subscribe to the mailing list so you can see mailing list reply emails.
You can also see them here: https://lists.apache.org/[email protected] Thanks Joe On Mon, Feb 12, 2018 at 5:08 PM, Jonah Husson <[email protected]> wrote: > Hey All, > > Wanted to check in and see if anybody had a chance to look at this. > > Thanks in advance for the help! > > Best, > Jonah. > > On Fri, Feb 9, 2018 at 5:20 PM, Jonah Husson <[email protected]> wrote: > >> Hey All, >> >> Figured I'd shoot off an email before looking into issue reporting, in >> case this is a product of my own stupidity rather than an actual bug. >> >> I'm trying to get MiNiFi communicating with a NiFi cluster on an internal >> network running with SSL. I'm able to connect to NiFi from a web browser >> after importing the correct certificates, but attempting to actually >> transfer a file with minifi produces the following result: >> >> [2018-02-09 15:45:55.136] [main] [info] MiNiFi started >> [2018-02-09 15:45:57.923] [org::apache::nifi::minifi::processors::GetFile] >> [info] GetFile process /home/jonah/optimus/data/ >> dynamic/ready_logs/testcopy2.txt >> [2018-02-09 15:45:58.339] [org::apache::nifi::minifi::utils::HTTPClient] >> [debug] Setting callback for >> [2018-02-09 15:45:58.401] [org::apache::nifi::minifi::core::ProcessSession] >> [info] Transferring 3b086abc-0dda-11e8-ab09-c85b769e9522 from GetFile to >> relationship success >> [2018-02-09 15:45:58.438] >> [org::apache::nifi::minifi::RemoteProcessorGroupPort] >> [debug] Refreshing the peer list since there are none configured. >> [2018-02-09 15:45:58.439] [org::apache::nifi::minifi::utils::HTTPClient] >> [debug] https://rs0.internal.optimusride.com:9093/nifi-api/site-to-site >> is a secure url >> [2018-02-09 15:45:58.439] [org::apache::nifi::minifi::utils::HTTPClient] >> [debug] Submitting to https://rs0.internal.optimusride.com:9093/nifi-api/ >> site-to-site >> [2018-02-09 15:45:58.553] [org::apache::nifi::minifi::utils::HTTPClient] >> [error] curl_easy_perform() failed Peer certificate cannot be authenticated >> with given CA certificates >> >> [2018-02-09 15:45:58.553] >> [org::apache::nifi::minifi::RemoteProcessorGroupPort] >> [error] ProcessGroup::refreshRemoteSite2SiteInfo -- curl_easy_perform() >> failed >> >> [2018-02-09 15:45:58.553] >> [org::apache::nifi::minifi::RemoteProcessorGroupPort] >> [debug] Obtained protocol from available_protocols_ >> [2018-02-09 15:45:58.553] >> [org::apache::nifi::minifi::RemoteProcessorGroupPort] >> [info] no protocol, yielding >> [2018-02-09 15:46:01.541] [org::apache::nifi::minifi::utils::HTTPClient] >> [debug] Setting callback for >> [2018-02-09 15:46:02.701] [org::apache::nifi::minifi::FlowController] >> [info] Stop Flow Controller >> [2018-02-09 15:46:04.748] [org::apache::nifi::minifi::utils::HTTPClient] >> [debug] Setting callback for >> [2018-02-09 15:46:05.137] [org::apache::nifi::minifi::FlowController] >> [info] Unload Flow Controller >> [2018-02-09 15:46:05.137] [main] [info] MiNiFi exit >> >> I'm not entirely sure what I'm doing wrong here, I'm fairly sure my >> certificate setup is fine. NiFi's keystore has a cert/private key signed >> by a CA i self-signed and created locally, it's truststore has the public >> key that corresponds to the client certificate and private key on MiNiFi, >> and MiNiFi has the certificate used to sign the one in NiFi's keystore. >> >> The best guess I have stems from the fact that the log message <url> is a >> secure url occurs, but the message that configure_secure_connection(CURL >> *http_session) should play if it runs doesn't come up, which leads me to >> beleive that ssl_context_service_ isn't initialized properly for some >> reason (see line 129 in /extensions/http-curl/HTTPClient.cpp, only place >> I see either of those methods called). >> >> Let me know if you have any insight on this, frankly I haven't found much >> documentation on the SSL setup for MiNiFi at all, so it's totally possible >> I did something horribly wrong there. I'd also be happy to make a bug >> report if y'all think this warrants one. >> >> Best, >> Jonah. >>
