https://community.cloudera.com/t5/Support-Questions/Secured-NiFi-with-empty-keystore-password-does-not-start/m-p/230897#M192744 <P>I have a cluster with 7 NiFi nodes. After a node crash, on restart, NiFi could not find the file /usr/hdf/current/nifi/conf/keystore.jks and truststore.jks</P><P>I have re-created the files with</P><PRE>tls-toolkit.sh client -c tp-hostname.domain.com -t passwordPassword -p 10443</PRE><P> In Ambari config the keystore and truststore pasword are empty.</P><P>When I start the NiFi services Ihave:</P><PRE>Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'protocolSocketConfiguration': FactoryBean threw exception on object creation; nested exception is java.io.IOException: Keystore was tampered with, or password was incorrect at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:175) at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:103) at org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1585) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:317) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351) ... 78 common frames omitted Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780) at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70) at java.security.KeyStore.load(KeyStore.java:1445) at org.apache.nifi.io.socket.SSLContextFactory.&lt;init&gt;(SSLContextFactory.java:65) at org.apache.nifi.cluster.protocol.spring.SocketConfigurationFactoryBean.getObject(SocketConfigurationFactoryBean.java:45) at org.apache.nifi.cluster.protocol.spring.SocketConfigurationFactoryBean.getObject(SocketConfigurationFactoryBean.java:30) at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:168) ... 83 common frames omitted Caused by: java.security.UnrecoverableKeyException: Password verification failed at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778) ... 91 common frames omitted </PRE><P>In nifi.properties I have:</P><PRE>nifi.security.keyPasswd= nifi.security.keystore=/usr/hdf/current/nifi/conf/keystore.jks nifi.security.keystorePasswd= nifi.security.keystoreType=jks nifi.security.needClientAuth=False nifi.security.ocsp.responder.certificate= nifi.security.ocsp.responder.url= nifi.security.truststore=/usr/hdf/current/nifi/conf/truststore.jks nifi.security.truststorePasswd= nifi.security.truststoreType=jks nifi.security.user.authorizer=ranger-provider nifi.security.user.login.identity.provider= nifi.sensitive.props.additional.keys= nifi.sensitive.props.algorithm=PBEWITHMD5AND256BITAES-CBC-OPENSSL nifi.sensitive.props.key=sdlkjdslkjsdlkjdjjd||xyGZZ+R3FO04BxcUHSL5U6+OGqtQQevXbFfecQ nifi.sensitive.props.key.protected=aes/gcm/256 nifi.sensitive.props.provider=BC</PRE><P>On other NiFi nodes I have an encrypted password in nifi.properties, but the truststore and the keystore has an empty string as a password.</P><P>Do you have any idea for this issue?</P><P>Thanks in advance</P> Sat, 23 Dec 2017 00:02:18 GMT isoardi 2017-12-23T00:02:18Z https://community.cloudera.com/t5/Support-Questions/Secured-NiFi-with-empty-keystore-password-does-not-start/m-p/230897#M192744 <P>I have a cluster with 7 NiFi nodes. After a node crash, on restart, NiFi could not find the file /usr/hdf/current/nifi/conf/keystore.jks and truststore.jks</P><P>I have re-created the files with</P><PRE>tls-toolkit.sh client -c tp-hostname.domain.com -t passwordPassword -p 10443</PRE><P> In Ambari config the keystore and truststore pasword are empty.</P><P>When I start the NiFi services Ihave:</P><PRE>Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'protocolSocketConfiguration': FactoryBean threw exception on object creation; nested exception is java.io.IOException: Keystore was tampered with, or password was incorrect at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:175) at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:103) at org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1585) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:317) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351) ... 78 common frames omitted Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780) at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70) at java.security.KeyStore.load(KeyStore.java:1445) at org.apache.nifi.io.socket.SSLContextFactory.&lt;init&gt;(SSLContextFactory.java:65) at org.apache.nifi.cluster.protocol.spring.SocketConfigurationFactoryBean.getObject(SocketConfigurationFactoryBean.java:45) at org.apache.nifi.cluster.protocol.spring.SocketConfigurationFactoryBean.getObject(SocketConfigurationFactoryBean.java:30) at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:168) ... 83 common frames omitted Caused by: java.security.UnrecoverableKeyException: Password verification failed at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778) ... 91 common frames omitted </PRE><P>In nifi.properties I have:</P><PRE>nifi.security.keyPasswd= nifi.security.keystore=/usr/hdf/current/nifi/conf/keystore.jks nifi.security.keystorePasswd= nifi.security.keystoreType=jks nifi.security.needClientAuth=False nifi.security.ocsp.responder.certificate= nifi.security.ocsp.responder.url= nifi.security.truststore=/usr/hdf/current/nifi/conf/truststore.jks nifi.security.truststorePasswd= nifi.security.truststoreType=jks nifi.security.user.authorizer=ranger-provider nifi.security.user.login.identity.provider= nifi.sensitive.props.additional.keys= nifi.sensitive.props.algorithm=PBEWITHMD5AND256BITAES-CBC-OPENSSL nifi.sensitive.props.key=sdlkjdslkjsdlkjdjjd||xyGZZ+R3FO04BxcUHSL5U6+OGqtQQevXbFfecQ nifi.sensitive.props.key.protected=aes/gcm/256 nifi.sensitive.props.provider=BC</PRE><P>On other NiFi nodes I have an encrypted password in nifi.properties, but the truststore and the keystore has an empty string as a password.</P><P>Do you have any idea for this issue?</P><P>Thanks in advance</P> Sat, 23 Dec 2017 00:02:18 GMT https://community.cloudera.com/t5/Support-Questions/Secured-NiFi-with-empty-keystore-password-does-not-start/m-p/230897#M192744 isoardi 2017-12-23T00:02:18Z https://community.cloudera.com/t5/Support-Questions/Secured-NiFi-with-empty-keystore-password-does-not-start/m-p/230898#M192745 <A rel="user" href="https://community.cloudera.com/users/1186/isoardi.html" nodeid="1186">@Davide Isoardi</A><P>Are you still working on this issue?</P> Tue, 08 May 2018 02:51:58 GMT https://community.cloudera.com/t5/Support-Questions/Secured-NiFi-with-empty-keystore-password-does-not-start/m-p/230898#M192745 Wynner 2018-05-08T02:51:58Z https://community.cloudera.com/t5/Support-Questions/Secured-NiFi-with-empty-keystore-password-does-not-start/m-p/230899#M192746 <P>I got the same issue!</P><P>At the end, I deactivated and activated back SSL, so it generated new certificates for Nifi Cluster.</P> Fri, 07 Sep 2018 02:15:28 GMT https://community.cloudera.com/t5/Support-Questions/Secured-NiFi-with-empty-keystore-password-does-not-start/m-p/230899#M192746 minaa_khalili 2018-09-07T02:15:28Z