Upgraded 2.6.0 -> 2.7.1 : Validation Status [INVALID] Errors

[u...@moosheimer.com]

Dear NiFi Team,

Did I overlook something when upgrading from 2.6.0 to 2.7.1 with regard 
to the keystore and truststore files?
Of course, I completely customized nifi.properties (format, passwords, 
path, etc.).
However, when I start 2.7.1, I get the following error:
java.util.concurrent.ExecutionException: 
java.lang.IllegalStateException: Enabling 
StandardControllerServiceNode[service=SSLContextService[id=b3942123-018b-1000-3507-9ecf751f5bbc], 
name=StandardRestrictedSSLContextService, active=true] failed: 
Validation Status [INVALID] Errors ['Keystore Properties' is invalid 
because Invalid keystore password or type specified for file 
[/opt/nifi/current/conf/keystore.pkcs12]: keystore password was 
incorrect, 'Truststore Properties' is invalid because Invalid truststore 
password or type specified for file 
[/opt/nifi/current/conf/truststore.jks]: Keystore was tampered with, or 
password was incorrect]
        at 
java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:396)
        at 
java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:2096)
        at 
org.apache.nifi.controller.service.StandardControllerServiceProvider.enableControllerServices(StandardControllerServiceProvider.java:261)
        at 
org.apache.nifi.controller.serialization.VersionedFlowSynchronizer.inheritControllerServices(VersionedFlowSynchronizer.java:1057)
        at 
org.apache.nifi.controller.serialization.VersionedFlowSynchronizer.synchronizeFlow(VersionedFlowSynchronizer.java:416)
        at 
org.apache.nifi.controller.serialization.VersionedFlowSynchronizer.sync(VersionedFlowSynchronizer.java:221)
        at 
org.apache.nifi.controller.FlowController.synchronize(FlowController.java:1817)
        at 
org.apache.nifi.persistence.StandardFlowConfigurationDAO.load(StandardFlowConfigurationDAO.java:91)
        at 
org.apache.nifi.controller.StandardFlowService.loadFromBytes(StandardFlowService.java:762)
        at 
org.apache.nifi.controller.StandardFlowService.load(StandardFlowService.java:483)
        at 
org.apache.nifi.web.contextlistener.ApplicationStartupContextListener.contextInitialized(ApplicationStartupContextListener.java:67)
        at 
org.eclipse.jetty.ee11.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:1609)
        at 
org.eclipse.jetty.ee11.servlet.ServletContextHandler.contextInitialized(ServletContextHandler.java:498)
        at 
org.eclipse.jetty.ee11.servlet.ServletHandler.initialize(ServletHandler.java:676)
        at 
org.eclipse.jetty.ee11.servlet.ServletContextHandler.startContext(ServletContextHandler.java:1343)
...

        at org.apache.nifi.NiFi.main(NiFi.java:42)
Caused by: java.lang.IllegalStateException: Enabling 
StandardControllerServiceNode[service=SSLContextService[id=b3942123-018b-1000-3507-9ecf751f5bbc], 
name=StandardRestrictedSSLContextService, active=true] failed: 
Validation Status [INVALID] Errors ['Keystore Properties' is invalid 
because Invalid keystore password or type specified for file 
[/opt/nifi/current/conf/keystore.pkcs12]: keystore password was 
incorrect, 'Truststore Properties' is invalid because Invalid truststore 
password or type specified for file 
[/opt/nifi/current/conf/truststore.jks]: Keystore was tampered with, or 
password was incorrect]
        at 
org.apache.nifi.controller.service.StandardControllerServiceNode$2.run(StandardControllerServiceNode.java:659)
        at 
org.apache.nifi.engine.FlowEngine.lambda$wrap$1(FlowEngine.java:105)
        at 
java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572)
        at 
java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317)
        at 
java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
        at 
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
        at 
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
        at java.base/java.lang.Thread.run(Thread.java:1583)


2025-12-14 13:53:02,962 ERROR [Timer-Driven Process Thread-2] 
o.a.n.s.StandardRestrictedSSLContextService 
SSLContextService[id=b3942123-018b-1000-3507-9ecf751f5bbc] Failed to 
invoke @OnEnabled method
org.apache.nifi.reporting.InitializationException: 
SSLContextService[id=b3942123-018b-1000-3507-9ecf751f5bbc] is not valid 
due to:
'Keystore Properties' is invalid because Invalid keystore password or 
type specified for file [/opt/nifi/current/conf/keystore.pkcs12]: 
keystore password was incorrect
'Truststore Properties' is invalid because Invalid truststore password 
or type specified for file [/opt/nifi/current/conf/truststore.jks]: 
Keystore was tampered with, or password was incorrect
        at 
org.apache.nifi.ssl.StandardSSLContextService.onConfigured(StandardSSLContextService.java:175)
        at 
java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
        at java.base/java.lang.reflect.Method.invoke(Method.java:580)
        at 
org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotations(ReflectionUtils.java:145)
        at 
org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotations(ReflectionUtils.java:133)
        at 
org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotations(ReflectionUtils.java:78)
        at 
org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotation(ReflectionUtils.java:55)
        at 
org.apache.nifi.controller.service.StandardControllerServiceNode$2.run(StandardControllerServiceNode.java:685)
        at 
org.apache.nifi.engine.FlowEngine.lambda$wrap$1(FlowEngine.java:105)
        at 
java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572)
        at 
java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317)
        at 
java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
        at 
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
        at 
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
        at java.base/java.lang.Thread.run(Thread.java:1583)


*I have set all properties exactly as I did with 2.6., which have the 
following format:*

nifi.sensitive.props.key=XXXXXXXXXXXXXXXXXXXXXXXXXXX
nifi.sensitive.props.algorithm=NIFI_PBKDF2_AES_GCM_256

nifi.security.autoreload.enabled=false
nifi.security.autoreload.interval=10 secs
nifi.security.keystore=./conf/keystore.pkcs12
nifi.security.keystore.certificate=
nifi.security.keystore.privateKey=
nifi.security.keystoreType=PKCS12
nifi.security.keystorePasswd=XXXXXXXXXXXXXXXXXXXXXXXXXXX
nifi.security.keyPasswd=XXXXXXXXXXXXXXXXXXXXXXXXXXX
nifi.security.truststore=./conf/truststore.jks
nifi.security.truststore.certificate=
nifi.security.truststoreType=jks
nifi.security.truststorePasswd=XXXXXXXXXXXXXXXXXXXXXXXXXXX


This has worked with all upgrades so far. Has anything changed in 2.7.1?

Regards,
Kay-Uwe