I think that "*." is what is confusing it. It's looking for a host whose
hostname/dns entry starts with *. and AFAIK that's not going to happen.

On Tue, Jul 3, 2018 at 6:48 AM V, Prashanth (Nokia - IN/Bangalore) <
[email protected]> wrote:

> Team,
>
> NiFi secured cluster throws the below error with a wildcarded self-signed
> standalone certificate. Just a brief background: we are deploying NiFi in
> Kubernetes, where we have to use wildcarded certificates. Till NiFi 1.6.0,
> it was working fine.
>
> Also, I tried bringing up NiFi in a Linux VM in secured cluster mode with
> wildcarded certs, and I am getting the same error.
>
> Toolkit command to generate certs:
>
> bin/tls-toolkit.sh standalone -n '*.mynifi-nifi-headless.default.svc.cluster.local' -C 'CN=admin, OU=NIFI' -o <targetfolder>
>
> Logs:
>
> 2018-07-02 12:40:32,369 WARN [Replicate Request Thread-1]
> o.a.n.c.c.h.r.ThreadPoolRequestReplicator Failed to replicate request GET
> /nifi-api/flow/current-user to
> mynifi-nifi-1.mynifi-nifi-headless.default.svc.cluster.local:8443 due to
> javax.net.ssl.SSLPeerUnverifiedException: Hostname
> mynifi-nifi-1.mynifi-nifi-headless.default.svc.cluster.local not verified:
>     certificate: sha256/########################################
>     DN: CN=*.mynifi-nifi-headless.default.svc.cluster.local, OU=NIFI
>     subjectAltNames: [*.mynifi-nifi-headless.default.svc.cluster.local]
> 2018-07-02 12:40:32,370 WARN [Replicate Request Thread-1]
> o.a.n.c.c.h.r.ThreadPoolRequestReplicator
> javax.net.ssl.SSLPeerUnverifiedException: Hostname
> mynifi-nifi-1.mynifi-nifi-headless.default.svc.cluster.local not verified:
>     certificate: sha256/########################################
>     DN: CN=*.mynifi-nifi-headless.default.svc.cluster.local, OU=NIFI
>     subjectAltNames: [*.mynifi-nifi-headless.default.svc.cluster.local]
>         at
> okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:316)
>
> Please help me in resolving this.
>
> Note: The same certificates are working for the single mode setup.
>
> Thanks & Regards,
>
> Prashanth
>

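As an added example (not from this thread or from the NiFi project), here is a small RFC 6125-style wildcard matcher that shows which node names a DNS SAN entry like the one in the quoted log actually covers; the hostnames are the ones from the log, while the function names are mine.

```python
"""RFC 6125-style check: does a DNS SAN with a leading-label wildcard cover a host?"""
from typing import Iterable


def wildcard_matches(hostname: str, pattern: str) -> bool:
    """Return True if `pattern` (one DNS SAN entry) covers `hostname`.

    Rules applied (RFC 6125 section 6.4.3, as most TLS client verifiers do):
    - comparison is case-insensitive and ignores a trailing dot;
    - a pattern without '*' must match exactly;
    - a wildcard is only accepted as the entire left-most label ('*.example');
    - the wildcard matches exactly one non-empty label, never 'a.b'.
    """
    host = hostname.lower().rstrip(".")
    pat = pattern.lower().rstrip(".")
    if not host or not pat:
        return False
    if "*" not in pat:
        return host == pat
    if not pat.startswith("*.") or "*" in pat[1:]:
        return False  # partial wildcards such as 'node*.example' are rejected
    suffix = pat[1:]  # '.mynifi-nifi-headless...' including the leading dot
    if len(suffix) < 2 or not host.endswith(suffix):
        return False
    leading = host[: -len(suffix)]
    # The wildcard must consume exactly one label: non-empty and without dots.
    return bool(leading) and "." not in leading


def san_covers_host(hostname: str, subject_alt_names: Iterable[str]) -> bool:
    """True if any DNS SAN entry covers the hostname. When SANs are present the
    subject CN is not consulted, which is how current verifiers behave."""
    return any(wildcard_matches(hostname, san) for san in subject_alt_names)


# Values taken from the log lines quoted in the thread.
SAN_FROM_LOG = ["*.mynifi-nifi-headless.default.svc.cluster.local"]
NODE_HOST = "mynifi-nifi-1.mynifi-nifi-headless.default.svc.cluster.local"

if __name__ == "__main__":
    print(NODE_HOST, "covered:", san_covers_host(NODE_HOST, SAN_FROM_LOG))
```

Run it against the SAN and node name from the log to see whether the one-label wildcard rule alone explains a verification failure; names with an extra label (for example a pod name prefixed to the headless service) are rejected by the same rule.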