Hello, Can you confirm you have set nifi.security.keyPasswd= in nifi.properties?
Thanks, Bryan On Fri, Mar 13, 2020 at 8:34 AM Samarendra Sahoo <[email protected]> wrote: > Hi Folks - Have followed link - > https://nifi.apache.org/docs/nifi-docs/html/toolkit-guide.html#standalone and > ran > > sh tls-toolkit.sh standalone -n 'IPAdress_Server-1,IPAdress_Server-2' -B > 'cert_pwd' -P 'keystore_pwd' -C 'CN=admin_user,OU=NIFI' > > Post that updated nifi properties and replaced keystore.jks and > truststore.jks at respective conf directories. > > Still getting below exception > > javax.net.ssl.SSLPeerUnverifiedException: Hostname IPAdress_Server-1 not > verified: certificate: sha256/iFuXwuZnOCkARK72ayOHJk1KZywi6niooID9RMpTJ2Q= > DN: CN=IPAdress_Server-1, OU=NIFI subjectAltNames: [IPAdress_Server-1] > > Pls help. > > On Thu, Mar 12, 2020 at 8:33 PM Samarendra Sahoo < > [email protected]> wrote: > >> We are enabling LDAP and SSL, have been successful in one node cluster. >> However while running this for 2 node cluster, unable to succeed, have put >> exception below. While we are troubleshooting, wanted to check if there are >> any handy references for this. >> >> 2020-03-12 18:54:36,222 WARN [Process Cluster Protocol Request-2] >> o.a.n.c.p.impl.SocketProtocolListener Failed processing protocol message >> from bbsr02cloud10.ad.infosys.com due to >> javax.net.ssl.SSLHandshakeException: >> sun.security.validator.ValidatorException: PKIX path validation failed: >> java.security.cert.CertPathValidatorException: Path does not chain with any >> of the trust anchors >> javax.net.ssl.SSLHandshakeException: >> sun.security.validator.ValidatorException: PKIX path validation failed: >> java.security.cert.CertPathValidatorException: Path does not chain with any >> of the trust anchors >> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) >> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946) >> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316) >> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310) >> at >> sun.security.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1983) >> at >> sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:232) >> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037) >> at sun.security.ssl.Handshaker.process_record(Handshaker.java:965) >> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064) >> at >> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367) >> at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:931) >> at sun.security.ssl.AppInputStream.read(AppInputStream.java:105) >> at sun.security.ssl.AppInputStream.read(AppInputStream.java:71) >> at >> org.apache.nifi.stream.io.ByteCountingInputStream.read(ByteCountingInputStream.java:42) >> at java.io.FilterInputStream.read(FilterInputStream.java:83) >> at >> org.apache.nifi.cluster.protocol.jaxb.JaxbProtocolContext$2.unmarshal(JaxbProtocolContext.java:110) >> at >> org.apache.nifi.cluster.protocol.impl.SocketProtocolListener.dispatchRequest(SocketProtocolListener.java:149) >> at >> org.apache.nifi.io.socket.SocketListener$2$1.run(SocketListener.java:136) >> at >> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) >> at >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) >> at java.lang.Thread.run(Thread.java:748) >> >
