[jira] [Updated] (NIFI-4899) Unable to find valid certification path to requested target

Josef Zahner (JIRA) Thu, 22 Feb 2018 03:27:33 -0800

     [ 
https://issues.apache.org/jira/browse/NIFI-4899?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Josef Zahner updated NIFI-4899:
-------------------------------
    Attachment: nifi_cert_issue.zip

> Unable to find valid certification path to requested target
> -----------------------------------------------------------
>
>                 Key: NIFI-4899
>                 URL: https://issues.apache.org/jira/browse/NIFI-4899
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core UI
>    Affects Versions: 1.5.0
>         Environment: NiFi Version 1.5.0 
> Java 1.8.0_161-b12 
> CentOS Linux release 7.4.1708
>            Reporter: Josef Zahner
>            Priority: Minor
>              Labels: certificate, login, ssl
>         Attachments: Screen Shot 2018-02-21 at 11.08.13.png, 
> nifi_cert_issue.zip
>
>
> In my clustered ssl environment, if I start the webgui the first time, enter 
> my login credentials (verified via LDAP) and go ahead (click "LOG IN") I'm 
> getting the error below:
> !Screen Shot 2018-02-21 at 11.08.13.png!
> {code:java}
> javax.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: 
> sun.security.validator.ValidatorException: PKIX path building failed: 
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
> valid certification path to requested target
> at 
> org.glassfish.jersey.client.internal.HttpUrlConnector.apply(HttpUrlConnector.java:284)
> at org.glassfish.jersey.client.ClientRuntime.invoke(ClientRuntime.java:278)
> at 
> org.glassfish.jersey.client.JerseyInvocation.lambda$invoke$0(JerseyInvocation.java:753)
> at org.glassfish.jersey.internal.Errors.process(Errors.java:316)
> at org.glassfish.jersey.internal.Errors.process(Errors.java:298)
> at org.glassfish.jersey.internal.Errors.process(Errors.java:229)
> at 
> org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:414)
> at 
> org.glassfish.jersey.client.JerseyInvocation.invoke(JerseyInvocation.java:752)
> at 
> org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator.replicateRequest(ThreadPoolRequestReplicator.java:661)
> at 
> org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator$NodeHttpRequest.run(ThreadPoolRequestReplicator.java:875)
> at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
> at java.util.concurrent.FutureTask.run(Unknown Source)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
> at java.lang.Thread.run(Unknown Source)
> Caused by: javax.net.ssl.SSLHandshakeException: 
> sun.security.validator.ValidatorException: PKIX path building failed: 
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
> valid certification path to requested target
> at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
> at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
> at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> at sun.security.ssl.Handshaker.process_record(Unknown Source)
> at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
> at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
> at 
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown 
> Source)
> at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
> at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
> at java.net.HttpURLConnection.getResponseCode(Unknown Source)
> at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown 
> Source)
> at 
> org.glassfish.jersey.client.internal.HttpUrlConnector._apply(HttpUrlConnector.java:390)
> at 
> org.glassfish.jersey.client.internal.HttpUrlConnector.apply(HttpUrlConnector.java:282)
> ... 14 common frames omitted
> Caused by: sun.security.validator.ValidatorException: PKIX path building 
> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to 
> find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
> at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
> at sun.security.validator.Validator.validate(Unknown Source)
> at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
> at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
> at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
> ... 30 common frames omitted
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable 
> to find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown 
> Source)
> at java.security.cert.CertPathBuilder.build(Unknown Source)
> ... 36 common frames omitted
> {code}
> A site refresh solves the issue and I can see the canvas. After the first 
> access, the issue is gone. I don't see it anymore until I restart NiFi.
> The certificate path of the cert should be fine, at least the browser 
> (chrome) shows no problems in the address field.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (NIFI-4899) Unable to find valid certification path to requested target

Reply via email to