Hi,

A common mistake with tls-toolkit is generating a keystore and
truststore for each node using a DIFFERENT NiFi CA Cert.
If tls-toolkit standalone is executed against different output
directories, it may produce a different NiFi CA in each directory.

Please check that both the s2s client and server truststores have the
same NiFi CA Cert.
To do so, use the keytool command:

    keytool -list -keystore truststore.jks
    nifi-cert, Feb 9, 2018, trustedCertEntry,
    Certificate fingerprint (SHA1): FE:0D:FE:0D:72:40:0A:7E:49:45:1B:78:D9:F5:F4:6E:A2:3C:92:E5

If that's not the case, then I'd recommend adding the
-Djavax.net.debug=all Java option to debug further.
You can add Java options from ${NIFI_HOME}/conf/bootstrap.conf.
https://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/ReadDebug.html

Thanks,
Koji

On Fri, Feb 23, 2018 at 9:01 AM, yi <yuma.iwas...@austal.com> wrote:
> Apologies, I should clarify that I still do not have communication working
> site to site. Please assist. Thank you.
>
>
>
> --
> Sent from: http://apache-nifi-developer-list.39713.n7.nabble.com/
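
Added example, not part of the original thread and not NiFi or tls-toolkit code: a shell helper that automates the truststore comparison described above by extracting the nifi-cert fingerprint from the saved `keytool -list` output of each node and checking that the two match. The function names, file names and the server fingerprint are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: ca_fingerprint, same_nifi_ca and the *.txt names are hypothetical.
# Input files hold the saved output of `keytool -list -keystore truststore.jks`.

# Print "<hash> <fingerprint>" for the entry with the given alias (default nifi-cert).
ca_fingerprint() {
    awk -v a="${1:-nifi-cert}" '
        # Entry header, e.g. "nifi-cert, Feb 9, 2018, trustedCertEntry,"
        /Entry,[ \t\r]*$/ { split($0, f, ","); want = (f[1] == a); next }
        want && /Certificate fingerprint/ {
            match($0, /\([^)]*\)/)                 # hash name in parentheses
            alg = substr($0, RSTART + 1, RLENGTH - 2)
            sub(/^.*\): */, "")                    # drop the label
            if ($0 == "") getline                  # value wrapped onto next line
            gsub(/[ \t\r]/, "")
            print alg, toupper($0)
            exit
        }'
}

# Succeed only if both listings carry the same NiFi CA fingerprint (and hash type).
same_nifi_ca() {
    fp_a=$(ca_fingerprint nifi-cert < "$1")
    fp_b=$(ca_fingerprint nifi-cert < "$2")
    [ -n "$fp_a" ] && [ "$fp_a" = "$fp_b" ]
}

# Constructed sample listings: the client value is the one from the mail
# (line-wrapped), the server value is made up to show a mismatch.
tmp=$(mktemp -d)
cat > "$tmp/client.txt" <<'EOF'
nifi-cert, Feb 9, 2018, trustedCertEntry,
Certificate fingerprint (SHA1):
FE:0D:FE:0D:72:40:0A:7E:49:45:1B:78:D9:F5:F4:6E:A2:3C:92:E5
EOF
cat > "$tmp/server.txt" <<'EOF'
nifi-cert, Feb 9, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
EOF
if same_nifi_ca "$tmp/client.txt" "$tmp/server.txt"; then
    echo "same NiFi CA: $fp_a"
else
    echo "DIFFERENT NiFi CA: client=[$fp_a] server=[$fp_b]"
fi
rm -rf "$tmp"
```

The hash name is kept in the compared value, so listings that report different fingerprint algorithms show up as a mismatch instead of being compared blindly.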
