Hello Eric, Oh yes, you're right. I overlooked that one. And I also think that the bug https://issues.apache.org/jira/browse/NIFI-15340 applies here. I thought that had already been fixed in 2.7.1... so I'll wait for 2.7.2 :)
Thanks for your support! -Kay-Uwe Mit freundlichen Grüßen / best regards Kay-Uwe Moosheimer > Am 14.12.2025 um 18:13 schrieb Eric Secules <[email protected]>: > > It also looks like you're using a deprecated controller service. The > migration guide for 2.7.0 can be found here: > > https://cwiki.apache.org/confluence/plugins/servlet/mobile?contentId=57905503#MigrationGuidance-Migratingto2.7.0 > >> On Sun, Dec 14, 2025, 9:05 AM Eric Secules <[email protected]> wrote: >> >> Hello Kay-Uwe >> >> Maybe it's this bug? https://issues.apache.org/jira/browse/NIFI-15340 >> >> It's listed as a known issue in the release notes. >> >> -Eric >> >> On Sun, Dec 14, 2025, 5:07 AM [email protected] <[email protected]> >> wrote: >> >>> Dear NiFi Team, >>> >>> Did I overlook something when upgrading from 2.6.0 to 2.7.1 with regard >>> to the keystore and truststore files? >>> Of course, I completely customized nifi.properties (format, passwords, >>> path, etc.). >>> However, when I start 2.7.1, I get the following error: >>> >>> java.util.concurrent.ExecutionException: >>> java.lang.IllegalStateException: Enabling >>> StandardControllerServiceNode[service=SSLContextService[id=b3942123-018b-1000-3507-9ecf751f5bbc], >>> >>> name=StandardRestrictedSSLContextService, active=true] failed: >>> Validation Status [INVALID] Errors ['Keystore Properties' is invalid >>> because Invalid keystore password or type specified for file >>> [/opt/nifi/current/conf/keystore.pkcs12]: keystore password was >>> incorrect, 'Truststore Properties' is invalid because Invalid truststore >>> password or type specified for file >>> [/opt/nifi/current/conf/truststore.jks]: Keystore was tampered with, or >>> password was incorrect] >>> at >>> >>> java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:396) >>> at >>> >>> java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:2096) >>> at >>> >>> org.apache.nifi.controller.service.StandardControllerServiceProvider.enableControllerServices(StandardControllerServiceProvider.java:261) >>> at >>> >>> org.apache.nifi.controller.serialization.VersionedFlowSynchronizer.inheritControllerServices(VersionedFlowSynchronizer.java:1057) >>> at >>> >>> org.apache.nifi.controller.serialization.VersionedFlowSynchronizer.synchronizeFlow(VersionedFlowSynchronizer.java:416) >>> at >>> >>> org.apache.nifi.controller.serialization.VersionedFlowSynchronizer.sync(VersionedFlowSynchronizer.java:221) >>> at >>> >>> org.apache.nifi.controller.FlowController.synchronize(FlowController.java:1817) >>> at >>> >>> org.apache.nifi.persistence.StandardFlowConfigurationDAO.load(StandardFlowConfigurationDAO.java:91) >>> at >>> >>> org.apache.nifi.controller.StandardFlowService.loadFromBytes(StandardFlowService.java:762) >>> at >>> >>> org.apache.nifi.controller.StandardFlowService.load(StandardFlowService.java:483) >>> at >>> >>> org.apache.nifi.web.contextlistener.ApplicationStartupContextListener.contextInitialized(ApplicationStartupContextListener.java:67) >>> at >>> >>> org.eclipse.jetty.ee11.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:1609) >>> at >>> >>> org.eclipse.jetty.ee11.servlet.ServletContextHandler.contextInitialized(ServletContextHandler.java:498) >>> at >>> >>> org.eclipse.jetty.ee11.servlet.ServletHandler.initialize(ServletHandler.java:676) >>> at >>> >>> org.eclipse.jetty.ee11.servlet.ServletContextHandler.startContext(ServletContextHandler.java:1343) >>> ... >>> >>> at org.apache.nifi.NiFi.main(NiFi.java:42) >>> Caused by: java.lang.IllegalStateException: Enabling >>> StandardControllerServiceNode[service=SSLContextService[id=b3942123-018b-1000-3507-9ecf751f5bbc], >>> >>> name=StandardRestrictedSSLContextService, active=true] failed: >>> Validation Status [INVALID] Errors ['Keystore Properties' is invalid >>> because Invalid keystore password or type specified for file >>> [/opt/nifi/current/conf/keystore.pkcs12]: keystore password was >>> incorrect, 'Truststore Properties' is invalid because Invalid truststore >>> password or type specified for file >>> [/opt/nifi/current/conf/truststore.jks]: Keystore was tampered with, or >>> password was incorrect] >>> at >>> >>> org.apache.nifi.controller.service.StandardControllerServiceNode$2.run(StandardControllerServiceNode.java:659) >>> at >>> org.apache.nifi.engine.FlowEngine.lambda$wrap$1(FlowEngine.java:105) >>> at >>> >>> java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572) >>> at >>> java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317) >>> at >>> >>> java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304) >>> at >>> >>> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144) >>> at >>> >>> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642) >>> at java.base/java.lang.Thread.run(Thread.java:1583) >>> >>> >>> 2025-12-14 13:53:02,962 ERROR [Timer-Driven Process Thread-2] >>> o.a.n.s.StandardRestrictedSSLContextService >>> SSLContextService[id=b3942123-018b-1000-3507-9ecf751f5bbc] Failed to >>> invoke @OnEnabled method >>> org.apache.nifi.reporting.InitializationException: >>> SSLContextService[id=b3942123-018b-1000-3507-9ecf751f5bbc] is not valid >>> due to: >>> 'Keystore Properties' is invalid because Invalid keystore password or >>> type specified for file [/opt/nifi/current/conf/keystore.pkcs12]: >>> keystore password was incorrect >>> 'Truststore Properties' is invalid because Invalid truststore password >>> or type specified for file [/opt/nifi/current/conf/truststore.jks]: >>> Keystore was tampered with, or password was incorrect >>> at >>> >>> org.apache.nifi.ssl.StandardSSLContextService.onConfigured(StandardSSLContextService.java:175) >>> at >>> >>> java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) >>> at java.base/java.lang.reflect.Method.invoke(Method.java:580) >>> at >>> >>> org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotations(ReflectionUtils.java:145) >>> at >>> >>> org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotations(ReflectionUtils.java:133) >>> at >>> >>> org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotations(ReflectionUtils.java:78) >>> at >>> >>> org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotation(ReflectionUtils.java:55) >>> at >>> >>> org.apache.nifi.controller.service.StandardControllerServiceNode$2.run(StandardControllerServiceNode.java:685) >>> at >>> org.apache.nifi.engine.FlowEngine.lambda$wrap$1(FlowEngine.java:105) >>> at >>> >>> java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572) >>> at >>> java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317) >>> at >>> >>> java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304) >>> at >>> >>> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144) >>> at >>> >>> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642) >>> at java.base/java.lang.Thread.run(Thread.java:1583) >>> >>> >>> *I have set all properties exactly as I did with 2.6., which have the >>> following format:* >>> >>> nifi.sensitive.props.key=XXXXXXXXXXXXXXXXXXXXXXXXXXX >>> nifi.sensitive.props.algorithm=NIFI_PBKDF2_AES_GCM_256 >>> >>> nifi.security.autoreload.enabled=false >>> nifi.security.autoreload.interval=10 secs >>> nifi.security.keystore=./conf/keystore.pkcs12 >>> nifi.security.keystore.certificate= >>> nifi.security.keystore.privateKey= >>> nifi.security.keystoreType=PKCS12 >>> nifi.security.keystorePasswd=XXXXXXXXXXXXXXXXXXXXXXXXXXX >>> nifi.security.keyPasswd=XXXXXXXXXXXXXXXXXXXXXXXXXXX >>> nifi.security.truststore=./conf/truststore.jks >>> nifi.security.truststore.certificate= >>> nifi.security.truststoreType=jks >>> nifi.security.truststorePasswd=XXXXXXXXXXXXXXXXXXXXXXXXXXX >>> >>> >>> This has worked with all upgrades so far. Has anything changed in 2.7.1? >>> >>> Regards, >>> Kay-Uwe >>> >>
