Hi Briyan, Yes, those are copied/merged as it got created by running the tool kit utility.
nifi.security.keyPasswd=DudP4db9WgtTjXz8Z9EhHkAOBmthPvH8btBCD3Iw7hk On Fri, Mar 13, 2020 at 7:13 PM Bryan Bende <[email protected]> wrote: > Hello, > > Can you confirm you have set nifi.security.keyPasswd= in nifi.properties? > > Thanks, > > Bryan > > On Fri, Mar 13, 2020 at 8:34 AM Samarendra Sahoo < > [email protected]> wrote: > >> Hi Folks - Have followed link - >> https://nifi.apache.org/docs/nifi-docs/html/toolkit-guide.html#standalone and >> ran >> >> sh tls-toolkit.sh standalone -n 'IPAdress_Server-1,IPAdress_Server-2' -B >> 'cert_pwd' -P 'keystore_pwd' -C 'CN=admin_user,OU=NIFI' >> >> Post that updated nifi properties and replaced keystore.jks and >> truststore.jks at respective conf directories. >> >> Still getting below exception >> >> javax.net.ssl.SSLPeerUnverifiedException: Hostname IPAdress_Server-1 not >> verified: certificate: sha256/iFuXwuZnOCkARK72ayOHJk1KZywi6niooID9RMpTJ2Q= >> DN: CN=IPAdress_Server-1, OU=NIFI subjectAltNames: [IPAdress_Server-1] >> >> Pls help. >> >> On Thu, Mar 12, 2020 at 8:33 PM Samarendra Sahoo < >> [email protected]> wrote: >> >>> We are enabling LDAP and SSL, have been successful in one node cluster. >>> However while running this for 2 node cluster, unable to succeed, have put >>> exception below. While we are troubleshooting, wanted to check if there are >>> any handy references for this. >>> >>> 2020-03-12 18:54:36,222 WARN [Process Cluster Protocol Request-2] >>> o.a.n.c.p.impl.SocketProtocolListener Failed processing protocol message >>> from bbsr02cloud10.ad.infosys.com due to >>> javax.net.ssl.SSLHandshakeException: >>> sun.security.validator.ValidatorException: PKIX path validation failed: >>> java.security.cert.CertPathValidatorException: Path does not chain with any >>> of the trust anchors >>> javax.net.ssl.SSLHandshakeException: >>> sun.security.validator.ValidatorException: PKIX path validation failed: >>> java.security.cert.CertPathValidatorException: Path does not chain with any >>> of the trust anchors >>> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) >>> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946) >>> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316) >>> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310) >>> at >>> sun.security.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1983) >>> at >>> sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:232) >>> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037) >>> at sun.security.ssl.Handshaker.process_record(Handshaker.java:965) >>> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064) >>> at >>> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367) >>> at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:931) >>> at sun.security.ssl.AppInputStream.read(AppInputStream.java:105) >>> at sun.security.ssl.AppInputStream.read(AppInputStream.java:71) >>> at >>> org.apache.nifi.stream.io.ByteCountingInputStream.read(ByteCountingInputStream.java:42) >>> at java.io.FilterInputStream.read(FilterInputStream.java:83) >>> at >>> org.apache.nifi.cluster.protocol.jaxb.JaxbProtocolContext$2.unmarshal(JaxbProtocolContext.java:110) >>> at >>> org.apache.nifi.cluster.protocol.impl.SocketProtocolListener.dispatchRequest(SocketProtocolListener.java:149) >>> at >>> org.apache.nifi.io.socket.SocketListener$2$1.run(SocketListener.java:136) >>> at >>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) >>> at >>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) >>> at java.lang.Thread.run(Thread.java:748) >>> >>
