[jira] [Commented] (NIFI-11284) PutSplunkHTTP using https causes Java exception

Tue, 14 Mar 2023 19:35:42 -0700 


    [ 
https://issues.apache.org/jira/browse/NIFI-11284?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17700465#comment-17700465
 ] 

David Handermann commented on NIFI-11284:
-----------------------------------------

Thanks for reporting this issue [~wildaueh].

As you noted, the Splunk SDK upgrade to 1.9.1 incorporated new default settings 
to implement standard certificate validation for HTTPS connections. The [Splunk 
Release Notes for version 
1.8.0|https://dev.splunk.com/enterprise/docs/relnotes/relnotes-javasdk/whatsnew/#Version-180]
 describe the changes.

The same basic issue came up on a [recent thread in the NiFi User's mailing 
list|https://lists.apache.org/thread/yotth9g394sfk0gq4cvv11v3dg51f8v6], also 
highlighting the possible improvement of refactoring the Processor to support a 
custom SSL Context Service.

If the Splunk server has a private certificate, one temporary workaround is 
updating the Java system certificate authorities. As noted on the mailing list 
thread, even if the trust store includes the certificate issuer, the Splunk 
server certificate must also have a matching DNS Subject Alternative Name.

I added a comment to NIFI-10386, noting a potential path forward, which would 
require replacing the Splunk SDK with a generic NiFi HTTP client that supports 
a configurable SSL Context.
 

 

> PutSplunkHTTP using https causes Java exception
> -----------------------------------------------
>
>                 Key: NIFI-11284
>                 URL: https://issues.apache.org/jira/browse/NIFI-11284
>             Project: Apache NiFi
>          Issue Type: Bug
>    Affects Versions: 1.19.1
>            Reporter: Heidi Wildauer
>            Priority: Major
>              Labels: PutSplunkHTTP, splunk
>         Attachments: image-2023-03-13-19-19-05-913.png
>
>
> The PutSplunkHTTP processor will no longer send data via https. The option is 
> not viable without a SSLContextService. Error messages are displayed when 
> trying to use PutSplunkHTTP in https mode.
> Error message is: Error during communication with Splunk: PKIX path building 
> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to 
> find valid certification path to requested target (see image for the bulletin 
> message)
> This is new since the Splunk API upgrade completed here: 
> https://issues.apache.org/jira/browse/NIFI-10730
> !image-2023-03-13-19-19-05-913.png!
> Relates to enhancement: https://issues.apache.org/jira/browse/NIFI-10386



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to