Jonah

With your email address bcc.  You had two quick replies right after
sending.  I had to moderate this through.  Please subscribe to the
mailing list so you can see mailing list reply emails.

You can also see them here:
https://lists.apache.org/list.html?dev@nifi.apache.org

Thanks
Joe

On Mon, Feb 12, 2018 at 5:08 PM, Jonah Husson <jo...@optimusride.com> wrote:
> Hey All,
>
> Wanted to check in and see if anybody had a chance to look at this.
>
> Thanks in advance for the help!
>
> Best,
> Jonah.
>
> On Fri, Feb 9, 2018 at 5:20 PM, Jonah Husson <jo...@optimusride.com> wrote:
>
>> Hey All,
>>
>> Figured I'd shoot off an email before looking into issue reporting, in
>> case this is a product of my own stupidity rather than an actual bug.
>>
>> I'm trying to get MiNiFi communicating with a NiFi cluster on an internal
>> network running with SSL.  I'm able to connect to NiFi from a web browser
>> after importing the correct certificates, but attempting to actually
>> transfer a file with minifi produces the following result:
>>
>> [2018-02-09 15:45:55.136] [main] [info] MiNiFi started
>> [2018-02-09 15:45:57.923] [org::apache::nifi::minifi::processors::GetFile]
>> [info] GetFile process /home/jonah/optimus/data/
>> dynamic/ready_logs/testcopy2.txt
>> [2018-02-09 15:45:58.339] [org::apache::nifi::minifi::utils::HTTPClient]
>> [debug] Setting callback for
>> [2018-02-09 15:45:58.401] [org::apache::nifi::minifi::core::ProcessSession]
>> [info] Transferring 3b086abc-0dda-11e8-ab09-c85b769e9522 from GetFile to
>> relationship success
>> [2018-02-09 15:45:58.438] 
>> [org::apache::nifi::minifi::RemoteProcessorGroupPort]
>> [debug] Refreshing the peer list since there are none configured.
>> [2018-02-09 15:45:58.439] [org::apache::nifi::minifi::utils::HTTPClient]
>> [debug] https://rs0.internal.optimusride.com:9093/nifi-api/site-to-site
>> is a secure url
>> [2018-02-09 15:45:58.439] [org::apache::nifi::minifi::utils::HTTPClient]
>> [debug] Submitting to https://rs0.internal.optimusride.com:9093/nifi-api/
>> site-to-site
>> [2018-02-09 15:45:58.553] [org::apache::nifi::minifi::utils::HTTPClient]
>> [error] curl_easy_perform() failed Peer certificate cannot be authenticated
>> with given CA certificates
>>
>> [2018-02-09 15:45:58.553] 
>> [org::apache::nifi::minifi::RemoteProcessorGroupPort]
>> [error] ProcessGroup::refreshRemoteSite2SiteInfo -- curl_easy_perform()
>> failed
>>
>> [2018-02-09 15:45:58.553] 
>> [org::apache::nifi::minifi::RemoteProcessorGroupPort]
>> [debug] Obtained protocol from available_protocols_
>> [2018-02-09 15:45:58.553] 
>> [org::apache::nifi::minifi::RemoteProcessorGroupPort]
>> [info] no protocol, yielding
>> [2018-02-09 15:46:01.541] [org::apache::nifi::minifi::utils::HTTPClient]
>> [debug] Setting callback for
>> [2018-02-09 15:46:02.701] [org::apache::nifi::minifi::FlowController]
>> [info] Stop Flow Controller
>> [2018-02-09 15:46:04.748] [org::apache::nifi::minifi::utils::HTTPClient]
>> [debug] Setting callback for
>> [2018-02-09 15:46:05.137] [org::apache::nifi::minifi::FlowController]
>> [info] Unload Flow Controller
>> [2018-02-09 15:46:05.137] [main] [info] MiNiFi exit
>>
>> I'm not entirely sure what I'm doing wrong here, I'm fairly sure my
>> certificate setup is fine.  NiFi's keystore has a cert/private key signed
>> by a CA i self-signed and created locally, it's truststore has the public
>> key that corresponds to the client certificate and private key on MiNiFi,
>> and MiNiFi has the certificate used to sign the one in NiFi's keystore.
>>
>> The best guess I have stems from the fact that the log message <url> is a
>> secure url occurs, but the message that configure_secure_connection(CURL
>> *http_session) should play if it runs doesn't come up, which leads me to
>> beleive that ssl_context_service_ isn't initialized properly for some
>> reason (see line 129 in /extensions/http-curl/HTTPClient.cpp, only place
>> I see either of those methods called).
>>
>> Let me know if you have any insight on this, frankly I haven't found much
>> documentation on the SSL setup for MiNiFi at all, so it's totally possible
>> I did something horribly wrong there.  I'd also be happy to make a bug
>> report if y'all think this warrants one.
>>
>> Best,
>> Jonah.
>>

Reply via email to