Hi Andy, Yes, thanks for the suggestion. Ultimately that is what I want to do for this specific situation. I just looked at the toolkit and saw that you are able to add in SAN's. I am going to try that route.
Cheers, Ryan H. On Wed, Feb 21, 2018 at 10:38 AM, Andy LoPresto <[email protected]> wrote: > Ryan, > > In addition to the solution Bryan pointed out, if you want to be able to > use IP addresses to identify the registry endpoint, you can also add the IP > address in the Subject Alternative Names list in the certificate and then > it will be able to verify the certificate. > > > Andy LoPresto > [email protected] > *[email protected] <[email protected]>* > PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > > On Feb 21, 2018, at 10:24 AM, Ryan H <[email protected]> > wrote: > > Hi, > > Yes, that looks like it is the issue. I think I have run into this problem > before using IP's instead of hostnames. I have it working now. > > Thanks for the quick response! > > -Ryan H > > On Wed, Feb 21, 2018 at 10:15 AM, Bryan Bende <[email protected]> wrote: > >> Ryan, >> >> Did you happen to enter the registry client in NiFI using the IP >> address of the registry? >> >> I'm not totally sure, but based on that message it seems like its >> trying to connect to an IP address, but the certificate of the >> registry only contains the hostname of the registry. >> >> -Bryan >> >> >> On Wed, Feb 21, 2018 at 12:52 PM, Ryan H >> <[email protected]> wrote: >> > Hi All, >> > >> > I am running into an issue with connecting to a Secure NiFi Registry >> > instance from a Secure NiFi cluster. When trying to place a process >> group >> > under version control, I am getting the following error: >> > >> > Unable to obtain listing of buckets: javax.net.ssl.SSLHandshakeExce >> ption: >> > java.security.cert.CertificateException: No subject alternative names >> > matching IP address my-secure-registry-ip found >> > >> > I have added the DN for each of the Nodes in the cluster to the >> > authorizers.xml file on the registry in the usersGroupProvider list. I >> have >> > also added the DN of the secure registry to the usersGroupProvider list >> on >> > the secure NiFi cluster nodes. >> > >> > Any thoughts? >> > >> > Thanks, >> > >> > Ryan H >> > > >
