[jira] [Updated] (NIFI-5370) Cluster request replication failing with wildcard certs
[
https://issues.apache.org/jira/browse/NIFI-5370?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andy LoPresto updated NIFI-5370:
Fix Version/s: 1.7.1
> Cluster request replication failing with wildcard certs
> ---
>
> Key: NIFI-5370
> URL: https://issues.apache.org/jira/browse/NIFI-5370
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.7.0
>Reporter: Andy LoPresto
>Assignee: Andy LoPresto
>Priority: Major
> Labels: certificate, cluster, security, tls, wildcard
> Fix For: 1.8.0, 1.7.1
>
>
> From the users mailing list:
> {quote}
> Team,
>
> NiFi secured cluster throws below error with wildcarded self-signed
> standalone certificate. Just a brief background, we are deploying nifi in
> Kubernetes where we have to use wildcarded certificates. Till nifi 1.6.0, it
> was working fine.
> Also I tried bringing up NiFi in linux VM in secured cluster mode with
> wildcarded certs, I am getting same error.
>
> Toolkit command to generate certs:
> bin/tls-toolkit.sh standalone -n
> '*.mynifi-nifi-headless.default.svc.cluster.local’ -C 'CN=admin, OU=NIFI' -o
>
>
> Logs:
> 2018-07-02 12:40:32,369 WARN [Replicate Request Thread-1]
> o.a.n.c.c.h.r.ThreadPoolRequestReplicator Failed to replicate request GET
> /nifi-api/flow/current-user to
> mynifi-nifi-1.mynifi-nifi-headless.default.svc.cluster.local:8443 due to
> javax.net.ssl.SSLPeerUnverifiedException: Hostname
> mynifi-nifi-1.mynifi-nifi-headless.default.svc.cluster.local not verified:
> certificate: sha256/
> DN: CN=*.mynifi-nifi-headless.default.svc.cluster.local, OU=NIFI
> subjectAltNames: [*.mynifi-nifi-headless.default.svc.cluster.local]
> 2018-07-02 12:40:32,370 WARN [Replicate Request Thread-1]
> o.a.n.c.c.h.r.ThreadPoolRequestReplicator
> javax.net.ssl.SSLPeerUnverifiedException: Hostname
> mynifi-nifi-1.mynifi-nifi-headless.default.svc.cluster.local not verified:
> certificate: sha256/
> DN: CN=*.mynifi-nifi-headless.default.svc.cluster.local, OU=NIFI
> subjectAltNames: [*.mynifi-nifi-headless.default.svc.cluster.local]
> at
> okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:316)
>
> Please help me in resolving this.
>
> Note: Same certificates is working for single mode setup.
> {quote}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (NIFI-5370) Cluster request replication failing with wildcard certs
[
https://issues.apache.org/jira/browse/NIFI-5370?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mark Payne updated NIFI-5370:
-
Resolution: Fixed
Fix Version/s: 1.8.0
Status: Resolved (was: Patch Available)
> Cluster request replication failing with wildcard certs
> ---
>
> Key: NIFI-5370
> URL: https://issues.apache.org/jira/browse/NIFI-5370
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.7.0
>Reporter: Andy LoPresto
>Assignee: Andy LoPresto
>Priority: Major
> Labels: certificate, cluster, security, tls, wildcard
> Fix For: 1.8.0
>
>
> From the users mailing list:
> {quote}
> Team,
>
> NiFi secured cluster throws below error with wildcarded self-signed
> standalone certificate. Just a brief background, we are deploying nifi in
> Kubernetes where we have to use wildcarded certificates. Till nifi 1.6.0, it
> was working fine.
> Also I tried bringing up NiFi in linux VM in secured cluster mode with
> wildcarded certs, I am getting same error.
>
> Toolkit command to generate certs:
> bin/tls-toolkit.sh standalone -n
> '*.mynifi-nifi-headless.default.svc.cluster.local’ -C 'CN=admin, OU=NIFI' -o
>
>
> Logs:
> 2018-07-02 12:40:32,369 WARN [Replicate Request Thread-1]
> o.a.n.c.c.h.r.ThreadPoolRequestReplicator Failed to replicate request GET
> /nifi-api/flow/current-user to
> mynifi-nifi-1.mynifi-nifi-headless.default.svc.cluster.local:8443 due to
> javax.net.ssl.SSLPeerUnverifiedException: Hostname
> mynifi-nifi-1.mynifi-nifi-headless.default.svc.cluster.local not verified:
> certificate: sha256/
> DN: CN=*.mynifi-nifi-headless.default.svc.cluster.local, OU=NIFI
> subjectAltNames: [*.mynifi-nifi-headless.default.svc.cluster.local]
> 2018-07-02 12:40:32,370 WARN [Replicate Request Thread-1]
> o.a.n.c.c.h.r.ThreadPoolRequestReplicator
> javax.net.ssl.SSLPeerUnverifiedException: Hostname
> mynifi-nifi-1.mynifi-nifi-headless.default.svc.cluster.local not verified:
> certificate: sha256/
> DN: CN=*.mynifi-nifi-headless.default.svc.cluster.local, OU=NIFI
> subjectAltNames: [*.mynifi-nifi-headless.default.svc.cluster.local]
> at
> okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:316)
>
> Please help me in resolving this.
>
> Note: Same certificates is working for single mode setup.
> {quote}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (NIFI-5370) Cluster request replication failing with wildcard certs
[
https://issues.apache.org/jira/browse/NIFI-5370?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andy LoPresto updated NIFI-5370:
Status: Patch Available (was: In Progress)
> Cluster request replication failing with wildcard certs
> ---
>
> Key: NIFI-5370
> URL: https://issues.apache.org/jira/browse/NIFI-5370
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
>Affects Versions: 1.7.0
>Reporter: Andy LoPresto
>Assignee: Andy LoPresto
>Priority: Major
> Labels: certificate, cluster, security, tls, wildcard
>
> From the users mailing list:
> {quote}
> Team,
>
> NiFi secured cluster throws below error with wildcarded self-signed
> standalone certificate. Just a brief background, we are deploying nifi in
> Kubernetes where we have to use wildcarded certificates. Till nifi 1.6.0, it
> was working fine.
> Also I tried bringing up NiFi in linux VM in secured cluster mode with
> wildcarded certs, I am getting same error.
>
> Toolkit command to generate certs:
> bin/tls-toolkit.sh standalone -n
> '*.mynifi-nifi-headless.default.svc.cluster.local’ -C 'CN=admin, OU=NIFI' -o
>
>
> Logs:
> 2018-07-02 12:40:32,369 WARN [Replicate Request Thread-1]
> o.a.n.c.c.h.r.ThreadPoolRequestReplicator Failed to replicate request GET
> /nifi-api/flow/current-user to
> mynifi-nifi-1.mynifi-nifi-headless.default.svc.cluster.local:8443 due to
> javax.net.ssl.SSLPeerUnverifiedException: Hostname
> mynifi-nifi-1.mynifi-nifi-headless.default.svc.cluster.local not verified:
> certificate: sha256/
> DN: CN=*.mynifi-nifi-headless.default.svc.cluster.local, OU=NIFI
> subjectAltNames: [*.mynifi-nifi-headless.default.svc.cluster.local]
> 2018-07-02 12:40:32,370 WARN [Replicate Request Thread-1]
> o.a.n.c.c.h.r.ThreadPoolRequestReplicator
> javax.net.ssl.SSLPeerUnverifiedException: Hostname
> mynifi-nifi-1.mynifi-nifi-headless.default.svc.cluster.local not verified:
> certificate: sha256/
> DN: CN=*.mynifi-nifi-headless.default.svc.cluster.local, OU=NIFI
> subjectAltNames: [*.mynifi-nifi-headless.default.svc.cluster.local]
> at
> okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:316)
>
> Please help me in resolving this.
>
> Note: Same certificates is working for single mode setup.
> {quote}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
