Hello Kay-Uwe Maybe it's this bug? https://issues.apache.org/jira/browse/NIFI-15340
It's listed as a known issue in the release notes. -Eric On Sun, Dec 14, 2025, 5:07 AM [email protected] <[email protected]> wrote: > Dear NiFi Team, > > Did I overlook something when upgrading from 2.6.0 to 2.7.1 with regard > to the keystore and truststore files? > Of course, I completely customized nifi.properties (format, passwords, > path, etc.). > However, when I start 2.7.1, I get the following error: > > java.util.concurrent.ExecutionException: > java.lang.IllegalStateException: Enabling > StandardControllerServiceNode[service=SSLContextService[id=b3942123-018b-1000-3507-9ecf751f5bbc], > > name=StandardRestrictedSSLContextService, active=true] failed: > Validation Status [INVALID] Errors ['Keystore Properties' is invalid > because Invalid keystore password or type specified for file > [/opt/nifi/current/conf/keystore.pkcs12]: keystore password was > incorrect, 'Truststore Properties' is invalid because Invalid truststore > password or type specified for file > [/opt/nifi/current/conf/truststore.jks]: Keystore was tampered with, or > password was incorrect] > at > > java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:396) > at > > java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:2096) > at > > org.apache.nifi.controller.service.StandardControllerServiceProvider.enableControllerServices(StandardControllerServiceProvider.java:261) > at > > org.apache.nifi.controller.serialization.VersionedFlowSynchronizer.inheritControllerServices(VersionedFlowSynchronizer.java:1057) > at > > org.apache.nifi.controller.serialization.VersionedFlowSynchronizer.synchronizeFlow(VersionedFlowSynchronizer.java:416) > at > > org.apache.nifi.controller.serialization.VersionedFlowSynchronizer.sync(VersionedFlowSynchronizer.java:221) > at > > org.apache.nifi.controller.FlowController.synchronize(FlowController.java:1817) > at > > org.apache.nifi.persistence.StandardFlowConfigurationDAO.load(StandardFlowConfigurationDAO.java:91) > at > > org.apache.nifi.controller.StandardFlowService.loadFromBytes(StandardFlowService.java:762) > at > > org.apache.nifi.controller.StandardFlowService.load(StandardFlowService.java:483) > at > > org.apache.nifi.web.contextlistener.ApplicationStartupContextListener.contextInitialized(ApplicationStartupContextListener.java:67) > at > > org.eclipse.jetty.ee11.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:1609) > at > > org.eclipse.jetty.ee11.servlet.ServletContextHandler.contextInitialized(ServletContextHandler.java:498) > at > > org.eclipse.jetty.ee11.servlet.ServletHandler.initialize(ServletHandler.java:676) > at > > org.eclipse.jetty.ee11.servlet.ServletContextHandler.startContext(ServletContextHandler.java:1343) > ... > > at org.apache.nifi.NiFi.main(NiFi.java:42) > Caused by: java.lang.IllegalStateException: Enabling > StandardControllerServiceNode[service=SSLContextService[id=b3942123-018b-1000-3507-9ecf751f5bbc], > > name=StandardRestrictedSSLContextService, active=true] failed: > Validation Status [INVALID] Errors ['Keystore Properties' is invalid > because Invalid keystore password or type specified for file > [/opt/nifi/current/conf/keystore.pkcs12]: keystore password was > incorrect, 'Truststore Properties' is invalid because Invalid truststore > password or type specified for file > [/opt/nifi/current/conf/truststore.jks]: Keystore was tampered with, or > password was incorrect] > at > > org.apache.nifi.controller.service.StandardControllerServiceNode$2.run(StandardControllerServiceNode.java:659) > at > org.apache.nifi.engine.FlowEngine.lambda$wrap$1(FlowEngine.java:105) > at > > java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572) > at > java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317) > at > > java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304) > at > > java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144) > at > > java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642) > at java.base/java.lang.Thread.run(Thread.java:1583) > > > 2025-12-14 13:53:02,962 ERROR [Timer-Driven Process Thread-2] > o.a.n.s.StandardRestrictedSSLContextService > SSLContextService[id=b3942123-018b-1000-3507-9ecf751f5bbc] Failed to > invoke @OnEnabled method > org.apache.nifi.reporting.InitializationException: > SSLContextService[id=b3942123-018b-1000-3507-9ecf751f5bbc] is not valid > due to: > 'Keystore Properties' is invalid because Invalid keystore password or > type specified for file [/opt/nifi/current/conf/keystore.pkcs12]: > keystore password was incorrect > 'Truststore Properties' is invalid because Invalid truststore password > or type specified for file [/opt/nifi/current/conf/truststore.jks]: > Keystore was tampered with, or password was incorrect > at > > org.apache.nifi.ssl.StandardSSLContextService.onConfigured(StandardSSLContextService.java:175) > at > > java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) > at java.base/java.lang.reflect.Method.invoke(Method.java:580) > at > > org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotations(ReflectionUtils.java:145) > at > > org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotations(ReflectionUtils.java:133) > at > > org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotations(ReflectionUtils.java:78) > at > > org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotation(ReflectionUtils.java:55) > at > > org.apache.nifi.controller.service.StandardControllerServiceNode$2.run(StandardControllerServiceNode.java:685) > at > org.apache.nifi.engine.FlowEngine.lambda$wrap$1(FlowEngine.java:105) > at > > java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572) > at > java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317) > at > > java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304) > at > > java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144) > at > > java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642) > at java.base/java.lang.Thread.run(Thread.java:1583) > > > *I have set all properties exactly as I did with 2.6., which have the > following format:* > > nifi.sensitive.props.key=XXXXXXXXXXXXXXXXXXXXXXXXXXX > nifi.sensitive.props.algorithm=NIFI_PBKDF2_AES_GCM_256 > > nifi.security.autoreload.enabled=false > nifi.security.autoreload.interval=10 secs > nifi.security.keystore=./conf/keystore.pkcs12 > nifi.security.keystore.certificate= > nifi.security.keystore.privateKey= > nifi.security.keystoreType=PKCS12 > nifi.security.keystorePasswd=XXXXXXXXXXXXXXXXXXXXXXXXXXX > nifi.security.keyPasswd=XXXXXXXXXXXXXXXXXXXXXXXXXXX > nifi.security.truststore=./conf/truststore.jks > nifi.security.truststore.certificate= > nifi.security.truststoreType=jks > nifi.security.truststorePasswd=XXXXXXXXXXXXXXXXXXXXXXXXXXX > > > This has worked with all upgrades so far. Has anything changed in 2.7.1? > > Regards, > Kay-Uwe >
