[ https://issues.apache.org/jira/browse/NIFI-5370?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andy LoPresto updated NIFI-5370:
--------------------------------
    Fix Version/s: 1.7.1

> Cluster request replication failing with wildcard certs
> -------------------------------------------------------
>
>                 Key: NIFI-5370
>                 URL: https://issues.apache.org/jira/browse/NIFI-5370
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>    Affects Versions: 1.7.0
>            Reporter: Andy LoPresto
>            Assignee: Andy LoPresto
>            Priority: Major
>              Labels: certificate, cluster, security, tls, wildcard
>             Fix For: 1.8.0, 1.7.1
>
>
> From the users mailing list:
> {quote}
> Team,
>
> NiFi secured cluster throws below error with wildcarded self-signed
> standalone certificate. Just a brief background, we are deploying nifi in
> Kubernetes where we have to use wildcarded certificates. Till nifi 1.6.0, it
> was working fine.
> Also I tried bringing up NiFi in linux VM in secured cluster mode with
> wildcarded certs, I am getting same error.
>
> Toolkit command to generate certs:
> bin/tls-toolkit.sh standalone -n
> '*.mynifi-nifi-headless.default.svc.cluster.local' -C 'CN=admin, OU=NIFI' -o
> <targetfolder>
>
> Logs:
> 2018-07-02 12:40:32,369 WARN [Replicate Request Thread-1]
> o.a.n.c.c.h.r.ThreadPoolRequestReplicator Failed to replicate request GET
> /nifi-api/flow/current-user to
> mynifi-nifi-1.mynifi-nifi-headless.default.svc.cluster.local:8443 due to
> javax.net.ssl.SSLPeerUnverifiedException: Hostname
> mynifi-nifi-1.mynifi-nifi-headless.default.svc.cluster.local not verified:
> certificate: sha256/########################################
> DN: CN=*.mynifi-nifi-headless.default.svc.cluster.local, OU=NIFI
> subjectAltNames: [*.mynifi-nifi-headless.default.svc.cluster.local]
> 2018-07-02 12:40:32,370 WARN [Replicate Request Thread-1]
> o.a.n.c.c.h.r.ThreadPoolRequestReplicator
> javax.net.ssl.SSLPeerUnverifiedException: Hostname
> mynifi-nifi-1.mynifi-nifi-headless.default.svc.cluster.local not verified:
> certificate: sha256/########################################
> DN: CN=*.mynifi-nifi-headless.default.svc.cluster.local, OU=NIFI
> subjectAltNames: [*.mynifi-nifi-headless.default.svc.cluster.local]
> at
> okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:316)
>
> Please help me in resolving this.
>
> Note: Same certificates are working for single mode setup.
> {quote}

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)