Hi there,
I upgraded an older dev setup today from 1.6.0 to 1.13.2. After a
couple of config tweaks, it’s “working”, but if I try and access the
interface at https://nifi2.domain.blah/ I get a message on screen
stating that nifi1.domain.blah is not verified. The logs contain this
same message, along with the stack trace. (This also happens if I
access nifi1 – it complains nifi2 is not verified).
My keystore and truststore on both servers both contain the certs for
both servers, and the truststore additionally contains the CA that
signed both servers’ certificates.
What am I missing?
Thanks,
Phil
2021-06-11 23:51:20,970 WARN [Replicate Request Thread-1]
o.a.n.c.c.h.r.ThreadPoolRequestReplicator Failed to replicate request
GET /nifi-api/flow/current-user to nifi1.domain.blah:443 due to
javax.net.ssl.SSLPeerUnverifiedException: Hostname nifi1.domain.blah
not verified:
certificate: sha256/Wv+eIBMlpsSS95xKF+Fry9C/jQhFbNS35yfJGK92/5U=
DN: CN=nifi1.domain.blah, OU=domain, O=blah
subjectAltNames: []
2021-06-11 23:51:20,970 WARN [Replicate Request Thread-1]
o.a.n.c.c.h.r.ThreadPoolRequestReplicator
javax.net.ssl.SSLPeerUnverifiedException: Hostname nifi1.
nifi1.domain.blah not verified:
certificate: sha256/Wv+eIBMlpsSS95xKF+Fry9C/jQhFbNS35yfJGK92/5U=
DN: CN=nifi1.domain.blah OU=domain, O=blah
subjectAltNames: []
at
okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:389)
at
okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337)
at
okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209)
at
okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226)
at
okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106)
at
okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74)
at
okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255)
at
okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32)
at
okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
at
okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95)
at
okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
at
okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83)
at
okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
at
okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76)
at
okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
at
okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201)
at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154)
at
org.apache.nifi.cluster.coordination.http.replication.okhttp.OkHttpReplicationClient.replicate(OkHttpReplicationClient.java:132)
at
org.apache.nifi.cluster.coordination.http.replication.okhttp.OkHttpReplicationClient.replicate(OkHttpReplicationClient.java:126)
at
org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator.replicateRequest(ThreadPoolRequestReplicator.java:652)
at
org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator$NodeHttpRequest.run(ThreadPoolRequestReplicator.java:844)
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
