Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Access failed after apache nifi installation

avatar
Explorer

HTTP ERROR 400 Invalid SNI

URI:STATUS:MESSAGE:SERVLET:CAUSED BY:

URI: /nifi
STATUS: 400
MESSAGE: Invalid SNI
SERVLET: -
CAUSED BY: org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI

Caused by:

org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI
at org.eclipse.jetty.server.SecureRequestCustomizer.customize(SecureRequestCustomizer.java:266)
at org.eclipse.jetty.server.SecureRequestCustomizer.customize(SecureRequestCustomizer.java:207)
at org.eclipse.jetty.server.HttpChannel$RequestDispatchable.dispatch(HttpChannel.java:1594)
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:753)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:501)
at org.eclipse.jetty.server.HttpChannel.run(HttpChannel.java:461)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.produce(AdaptiveExecutionStrategy.java:193)
at org.eclipse.jetty.http2.HTTP2Connection.produce(HTTP2Connection.java:208)
at org.eclipse.jetty.http2.server.HTTP2ServerConnection.onOpen(HTTP2ServerConnection.java:116)
at org.eclipse.jetty.io.AbstractEndPoint.upgrade(AbstractEndPoint.java:451)
at org.eclipse.jetty.server.NegotiatingServerConnection.onFillable(NegotiatingServerConnection.java:125)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:558)
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:379)
at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:146)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.run(AdaptiveExecutionStrategy.java:199)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:969)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1194)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149)
at java.base/java.lang.Thread.run(Thread.java:1583)

8 REPLIES 8

avatar
New Contributor

Are you trying to access NiFi using an IP address in your browser? I got the same SNI error, but got round it by using the hostname...

avatar
Master Mentor

@whoknows 

Apache NiFi 2.0.0-M1 requires Java 21 and utilizes Jetty 10.  This results in needing to comply with the SNI specification.  

So the URL used to access your NiFi can not use an IP address and the hostname used must match a hostname found in the SAN entries list with the NiFi's configured keystore PrivateKeyEntry.

Apache NiFi 2.0 out-of-the-box will generate a keystore and truststore.  The keystore will contain a PrivateKeyEntry with a SAN entry for localhost and the server hostname.

If you found any of the suggestions/solutions provided helped you with your issue, please take a moment to login and click "Accept as Solution" on one or more of them that helped.

Thank you,
Matt

avatar
New Contributor

Hello , I have same issue and i tried the recommended solution but none of this works the same error still persists. I tried setting in /etc/hosts file my IP addresses as different names like my.nifi.server , my.server.com etc.. and set that in the nifi.properties file yet no difference in the error. I restarted several times and log error persists.

avatar
Master Mentor

@Vas 

The solution is not as simple as just setting a a hostname resolution in /etc/hosts file.

The hostname you type in the NiFi URL must exist as a SAN entry within the PrivateKey located in NiFi keystore configured in the nifi.properties file.

Matt

avatar
Contributor

I faced the same issue such as Java 21 is installed.

Ghilani_0-1708118379568.png

I got this issue:

Ghilani_1-1708118495903.png


as mentioned in a comment above that we need the hostname:

Ghilani_2-1708118565762.png

 

 

avatar
Contributor

Has anyone resolved this issue and would be willing to share their solution?

avatar
Master Mentor

@Ghilani 
1. You are getting same exact Invalid SNI exception?
2. You are using the keystore and truststore built by Apache NiFi out-of-the-box?
3. You tried using "localhost" if Nifi is on same host and browser being used to access it?
4. If browser is on different host then NiFi, did you use the hostname instead of IP address for target host where NiFi is running?
5. Did you list the keystore used by your running NiFi to inspect the SAN entries it has setup?

Thanks,
Matt

avatar
Contributor

Hi @MattWho 
When I attempt to connect using the IP address, I encounter the same message. However, the connection is successful when using 'localhost'. I am aiming to establish a unique DNS name that is distinct from both 'localhost' and the IP address. I'm utilizing Docker to operate Nifi.