Thanks for initiating this discussion, I have submitted a pull request to address the bug described in NIFI-15340. [1]
Regards, David Handermann [1] https://github.com/apache/nifi/pull/10643 On Sun, Dec 14, 2025 at 1:43 PM [email protected] <[email protected]> wrote: > > Hello Eric, > > Oh yes, you're right. I overlooked that one. > And I also think that the bug > https://issues.apache.org/jira/browse/NIFI-15340 applies here. I thought that > had already been fixed in 2.7.1... so I'll wait for 2.7.2 :) > > Thanks for your support! > > -Kay-Uwe > > Mit freundlichen Grüßen / best regards > Kay-Uwe Moosheimer > > > Am 14.12.2025 um 18:13 schrieb Eric Secules <[email protected]>: > > > > It also looks like you're using a deprecated controller service. The > > migration guide for 2.7.0 can be found here: > > > > https://cwiki.apache.org/confluence/plugins/servlet/mobile?contentId=57905503#MigrationGuidance-Migratingto2.7.0 > > > >> On Sun, Dec 14, 2025, 9:05 AM Eric Secules <[email protected]> wrote: > >> > >> Hello Kay-Uwe > >> > >> Maybe it's this bug? https://issues.apache.org/jira/browse/NIFI-15340 > >> > >> It's listed as a known issue in the release notes. > >> > >> -Eric > >> > >> On Sun, Dec 14, 2025, 5:07 AM [email protected] <[email protected]> > >> wrote: > >> > >>> Dear NiFi Team, > >>> > >>> Did I overlook something when upgrading from 2.6.0 to 2.7.1 with regard > >>> to the keystore and truststore files? > >>> Of course, I completely customized nifi.properties (format, passwords, > >>> path, etc.). > >>> However, when I start 2.7.1, I get the following error: > >>> > >>> java.util.concurrent.ExecutionException: > >>> java.lang.IllegalStateException: Enabling > >>> StandardControllerServiceNode[service=SSLContextService[id=b3942123-018b-1000-3507-9ecf751f5bbc], > >>> > >>> name=StandardRestrictedSSLContextService, active=true] failed: > >>> Validation Status [INVALID] Errors ['Keystore Properties' is invalid > >>> because Invalid keystore password or type specified for file > >>> [/opt/nifi/current/conf/keystore.pkcs12]: keystore password was > >>> incorrect, 'Truststore Properties' is invalid because Invalid truststore > >>> password or type specified for file > >>> [/opt/nifi/current/conf/truststore.jks]: Keystore was tampered with, or > >>> password was incorrect] > >>> at > >>> > >>> java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:396) > >>> at > >>> > >>> java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:2096) > >>> at > >>> > >>> org.apache.nifi.controller.service.StandardControllerServiceProvider.enableControllerServices(StandardControllerServiceProvider.java:261) > >>> at > >>> > >>> org.apache.nifi.controller.serialization.VersionedFlowSynchronizer.inheritControllerServices(VersionedFlowSynchronizer.java:1057) > >>> at > >>> > >>> org.apache.nifi.controller.serialization.VersionedFlowSynchronizer.synchronizeFlow(VersionedFlowSynchronizer.java:416) > >>> at > >>> > >>> org.apache.nifi.controller.serialization.VersionedFlowSynchronizer.sync(VersionedFlowSynchronizer.java:221) > >>> at > >>> > >>> org.apache.nifi.controller.FlowController.synchronize(FlowController.java:1817) > >>> at > >>> > >>> org.apache.nifi.persistence.StandardFlowConfigurationDAO.load(StandardFlowConfigurationDAO.java:91) > >>> at > >>> > >>> org.apache.nifi.controller.StandardFlowService.loadFromBytes(StandardFlowService.java:762) > >>> at > >>> > >>> org.apache.nifi.controller.StandardFlowService.load(StandardFlowService.java:483) > >>> at > >>> > >>> org.apache.nifi.web.contextlistener.ApplicationStartupContextListener.contextInitialized(ApplicationStartupContextListener.java:67) > >>> at > >>> > >>> org.eclipse.jetty.ee11.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:1609) > >>> at > >>> > >>> org.eclipse.jetty.ee11.servlet.ServletContextHandler.contextInitialized(ServletContextHandler.java:498) > >>> at > >>> > >>> org.eclipse.jetty.ee11.servlet.ServletHandler.initialize(ServletHandler.java:676) > >>> at > >>> > >>> org.eclipse.jetty.ee11.servlet.ServletContextHandler.startContext(ServletContextHandler.java:1343) > >>> ... > >>> > >>> at org.apache.nifi.NiFi.main(NiFi.java:42) > >>> Caused by: java.lang.IllegalStateException: Enabling > >>> StandardControllerServiceNode[service=SSLContextService[id=b3942123-018b-1000-3507-9ecf751f5bbc], > >>> > >>> name=StandardRestrictedSSLContextService, active=true] failed: > >>> Validation Status [INVALID] Errors ['Keystore Properties' is invalid > >>> because Invalid keystore password or type specified for file > >>> [/opt/nifi/current/conf/keystore.pkcs12]: keystore password was > >>> incorrect, 'Truststore Properties' is invalid because Invalid truststore > >>> password or type specified for file > >>> [/opt/nifi/current/conf/truststore.jks]: Keystore was tampered with, or > >>> password was incorrect] > >>> at > >>> > >>> org.apache.nifi.controller.service.StandardControllerServiceNode$2.run(StandardControllerServiceNode.java:659) > >>> at > >>> org.apache.nifi.engine.FlowEngine.lambda$wrap$1(FlowEngine.java:105) > >>> at > >>> > >>> java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572) > >>> at > >>> java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317) > >>> at > >>> > >>> java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304) > >>> at > >>> > >>> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144) > >>> at > >>> > >>> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642) > >>> at java.base/java.lang.Thread.run(Thread.java:1583) > >>> > >>> > >>> 2025-12-14 13:53:02,962 ERROR [Timer-Driven Process Thread-2] > >>> o.a.n.s.StandardRestrictedSSLContextService > >>> SSLContextService[id=b3942123-018b-1000-3507-9ecf751f5bbc] Failed to > >>> invoke @OnEnabled method > >>> org.apache.nifi.reporting.InitializationException: > >>> SSLContextService[id=b3942123-018b-1000-3507-9ecf751f5bbc] is not valid > >>> due to: > >>> 'Keystore Properties' is invalid because Invalid keystore password or > >>> type specified for file [/opt/nifi/current/conf/keystore.pkcs12]: > >>> keystore password was incorrect > >>> 'Truststore Properties' is invalid because Invalid truststore password > >>> or type specified for file [/opt/nifi/current/conf/truststore.jks]: > >>> Keystore was tampered with, or password was incorrect > >>> at > >>> > >>> org.apache.nifi.ssl.StandardSSLContextService.onConfigured(StandardSSLContextService.java:175) > >>> at > >>> > >>> java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) > >>> at java.base/java.lang.reflect.Method.invoke(Method.java:580) > >>> at > >>> > >>> org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotations(ReflectionUtils.java:145) > >>> at > >>> > >>> org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotations(ReflectionUtils.java:133) > >>> at > >>> > >>> org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotations(ReflectionUtils.java:78) > >>> at > >>> > >>> org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotation(ReflectionUtils.java:55) > >>> at > >>> > >>> org.apache.nifi.controller.service.StandardControllerServiceNode$2.run(StandardControllerServiceNode.java:685) > >>> at > >>> org.apache.nifi.engine.FlowEngine.lambda$wrap$1(FlowEngine.java:105) > >>> at > >>> > >>> java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572) > >>> at > >>> java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317) > >>> at > >>> > >>> java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304) > >>> at > >>> > >>> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144) > >>> at > >>> > >>> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642) > >>> at java.base/java.lang.Thread.run(Thread.java:1583) > >>> > >>> > >>> *I have set all properties exactly as I did with 2.6., which have the > >>> following format:* > >>> > >>> nifi.sensitive.props.key=XXXXXXXXXXXXXXXXXXXXXXXXXXX > >>> nifi.sensitive.props.algorithm=NIFI_PBKDF2_AES_GCM_256 > >>> > >>> nifi.security.autoreload.enabled=false > >>> nifi.security.autoreload.interval=10 secs > >>> nifi.security.keystore=./conf/keystore.pkcs12 > >>> nifi.security.keystore.certificate= > >>> nifi.security.keystore.privateKey= > >>> nifi.security.keystoreType=PKCS12 > >>> nifi.security.keystorePasswd=XXXXXXXXXXXXXXXXXXXXXXXXXXX > >>> nifi.security.keyPasswd=XXXXXXXXXXXXXXXXXXXXXXXXXXX > >>> nifi.security.truststore=./conf/truststore.jks > >>> nifi.security.truststore.certificate= > >>> nifi.security.truststoreType=jks > >>> nifi.security.truststorePasswd=XXXXXXXXXXXXXXXXXXXXXXXXXXX > >>> > >>> > >>> This has worked with all upgrades so far. Has anything changed in 2.7.1? > >>> > >>> Regards, > >>> Kay-Uwe > >>> > >> >
