lordgamez commented on pull request #947: URL: https://github.com/apache/nifi-minifi-cpp/pull/947#issuecomment-739828409
Tested manually the possible configuration options on Windows 10. They all worked well, I only have 2 comments: 1. While loading the server certificates, there is the possibility that a certificate might be loaded multiple times which results in an error `cert already in hash table`. As this is done for every heartbeat, this might flood the logs: ``` [2020-12-07 10:51:52.196] [org::apache::nifi::minifi::controllers::SSLContextService] [error] Failed to add server certificate /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root to the SSL store; error: error:0BFFF065:x509 certificate routines:CRYPTO_internal:cert already in hash table [2020-12-07 10:51:52.197] [org::apache::nifi::minifi::controllers::SSLContextService] [error] Failed to add server certificate /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA to the SSL store; error: error:0BFFF065:x509 certificate routines:CRYPTO_internal:cert already in hash table [2020-12-07 10:51:52.430] [org::apache::nifi::minifi::controllers::SSLContextService] [error] Failed to add server certificate /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root to the SSL store; error: error:0BFFF065:x509 certificate routines:CRYPTO_internal:cert already in hash table [2020-12-07 10:51:52.431] [org::apache::nifi::minifi::controllers::SSLContextService] [error] Failed to add server certificate /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA to the SSL store; error: error:0BFFF065:x509 certificate routines:CRYPTO_internal:cert already in hash table ``` 2. I encountered an error, that my private key was not exportable and the certificate could not be used because of this. As this is a requirement this should be noted in the documentation as well. ``` [2020-12-07 11:29:48.841] [org::apache::nifi::minifi::controllers::SSLContextService] [debug] Skipping client certificate /OU=NIFI/CN=minifi because it has no exportable private key [2020-12-07 11:29:48.841] [org::apache::nifi::minifi::controllers::SSLContextService] [error] Could not find any suitable client certificate in sytem store LocalMachine/MY ``` ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
