[
https://issues.apache.org/jira/browse/NIFI-6561?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nathan Gough resolved NIFI-6561.
--------------------------------
Resolution: Cannot Reproduce
> HTTPS S2S SAN Verification compatibility for JDK8 build running on JRE11
> ------------------------------------------------------------------------
>
> Key: NIFI-6561
> URL: https://issues.apache.org/jira/browse/NIFI-6561
> Project: Apache NiFi
> Issue Type: Sub-task
> Components: Security
> Affects Versions: 1.10.0
> Reporter: Nathan Gough
> Priority: Major
> Labels: Java11, certificate, tls
>
> When testing Java 11 build compatibility, I found an issue with TLS
> certificates when using a remote process group looped back to an input port
> on the same cluster. The same certificates were used for JDK8/JRE8,
> JDK8/JRE11, JDK11/JRE11 ie. they contained relevant SAN entries in each case.
> *Building on JDK 1.8.0_172 and run on JRE11.0.5+10 caused exceptions when
> attempting to send to local input port with RPG*:
> {code:java}
> 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector]
> o.apache.nifi.remote.client.PeerSelector Could not communicate with
> natog0.com:9551 to determine which nodes exist in the remote NiFi cluster,
> due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for <natog0.com>
> doesn't match any of the subject alternative names: [natog1.com]
> 2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector]
> o.apache.nifi.remote.client.PeerSelector
> org.apache.nifi.remote.client.PeerSelector@6d5e02f8 Unable to refresh Remote
> Group's peers due to Unable to communicate with remote NiFi cluster in order
> to determine which nodes exist in the remote cluster{code}
> But did not see this error on the matching builds (JDK8/JRE8, JDK11/JRE11).
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
