Mike, Till NiFi 1.6.0 wildcarded certificate was working. Is there any workaround to resolve this issue? This error is happening during cluster replication of requests which is recently included I believe. What is happening during cluster request replication?
Note: We need to use wildcarded certificates for Kubernetes as I earlier mentioned.. Thanks & Regards, Prashanth From: Mike Thomsen [mailto:[email protected]] Sent: Tuesday, July 03, 2018 4:30 PM To: [email protected] Subject: Re: GUI not coming up with secured NiFi[1.7.0] cluster I think that "*." is what is confusing it. It's looking for a host whose hostname/dns entry starts with *. and AFAIK that's not going to happen. On Tue, Jul 3, 2018 at 6:48 AM V, Prashanth (Nokia - IN/Bangalore) <[email protected]<mailto:[email protected]>> wrote: Team, NiFi secured cluster throws below error with wildcarded self-signed standalone certificate. Just a brief background, we are deploying nifi in Kubernetes where we have to use wildcarded certificates. Till nifi 1.6.0, it was working fine. Also I tried bringing up NiFi in linux VM in secured cluster mode with wildcarded certs, I am getting same error. Toolkit command to generate certs: bin/tls-toolkit.sh standalone -n '*.mynifi-nifi-headless.default.svc.cluster.local’ -C 'CN=admin, OU=NIFI' -o <targetfolder> Logs: 2018-07-02 12:40:32,369 WARN [Replicate Request Thread-1] o.a.n.c.c.h.r.ThreadPoolRequestReplicator Failed to replicate request GET /nifi-api/flow/current-user to mynifi-nifi-1.mynifi-nifi-headless.default.svc.cluster.local:8443 due to javax.net.ssl.SSLPeerUnverifiedException: Hostname mynifi-nifi-1.mynifi-nifi-headless.default.svc.cluster.local not verified: certificate: sha256/######################################## DN: CN=*.mynifi-nifi-headless.default.svc.cluster.local, OU=NIFI subjectAltNames: [*.mynifi-nifi-headless.default.svc.cluster.local] 2018-07-02 12:40:32,370 WARN [Replicate Request Thread-1] o.a.n.c.c.h.r.ThreadPoolRequestReplicator javax.net.ssl.SSLPeerUnverifiedException: Hostname mynifi-nifi-1.mynifi-nifi-headless.default.svc.cluster.local not verified: certificate: sha256/######################################## DN: CN=*.mynifi-nifi-headless.default.svc.cluster.local, OU=NIFI subjectAltNames: [*.mynifi-nifi-headless.default.svc.cluster.local] at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:316) Please help me in resolving this. Note: Same certificates is working for single mode setup. Thanks & Regards, Prashanth
