Ryan, In addition to the solution Bryan pointed out, if you want to be able to use IP addresses to identify the registry endpoint, you can also add the IP address in the Subject Alternative Names list in the certificate and then it will be able to verify the certificate.
Andy LoPresto [email protected] [email protected] PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > On Feb 21, 2018, at 10:24 AM, Ryan H <[email protected]> > wrote: > > Hi, > > Yes, that looks like it is the issue. I think I have run into this problem > before using IP's instead of hostnames. I have it working now. > > Thanks for the quick response! > > -Ryan H > > On Wed, Feb 21, 2018 at 10:15 AM, Bryan Bende <[email protected] > <mailto:[email protected]>> wrote: > Ryan, > > Did you happen to enter the registry client in NiFI using the IP > address of the registry? > > I'm not totally sure, but based on that message it seems like its > trying to connect to an IP address, but the certificate of the > registry only contains the hostname of the registry. > > -Bryan > > > On Wed, Feb 21, 2018 at 12:52 PM, Ryan H > <[email protected] > <mailto:[email protected]>> wrote: > > Hi All, > > > > I am running into an issue with connecting to a Secure NiFi Registry > > instance from a Secure NiFi cluster. When trying to place a process group > > under version control, I am getting the following error: > > > > Unable to obtain listing of buckets: javax.net.ssl.SSLHandshakeException: > > java.security.cert.CertificateException: No subject alternative names > > matching IP address my-secure-registry-ip found > > > > I have added the DN for each of the Nodes in the cluster to the > > authorizers.xml file on the registry in the usersGroupProvider list. I have > > also added the DN of the secure registry to the usersGroupProvider list on > > the secure NiFi cluster nodes. > > > > Any thoughts? > > > > Thanks, > > > > Ryan H >
signature.asc
Description: Message signed with OpenPGP using GPGMail
