Digging into the NiFi TLS toolkit and SubjectAlternativeName for IP
addresses. I checked the NiFi TLS toolkit code for SubjectAlternativeName
and found this:
https://github.com/apache/nifi/blob/master/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/util/TlsHelper.java#L226
Extracting my reply from the other thread here since this has a clearly
identified error message:
*2 way SSL on*
- SSLPeerUnverifiedException: Certificate for doesn't match any
of the subject alternative names: [NIFI-IP]
This error is most likely occurring because you are using IP addresses.
Hi All,
I am starting a new thread on this as it is a different error on the last
thread I was on and hopefully to catch the attention of additional persons
that may have expertise with this (sorry for the many emails on this).
I have a NiFi secure cluster that I am using Apache Knox to proxy