Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Access failed after apache nifi installation

avatar
New Contributor

HTTP ERROR 400 Invalid SNI

URI:STATUS:MESSAGE:SERVLET:CAUSED BY:

URI: /nifi
STATUS: 400
MESSAGE: Invalid SNI
SERVLET: -
CAUSED BY: org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI

Caused by:

org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI
at org.eclipse.jetty.server.SecureRequestCustomizer.customize(SecureRequestCustomizer.java:266)
at org.eclipse.jetty.server.SecureRequestCustomizer.customize(SecureRequestCustomizer.java:207)
at org.eclipse.jetty.server.HttpChannel$RequestDispatchable.dispatch(HttpChannel.java:1594)
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:753)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:501)
at org.eclipse.jetty.server.HttpChannel.run(HttpChannel.java:461)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.produce(AdaptiveExecutionStrategy.java:193)
at org.eclipse.jetty.http2.HTTP2Connection.produce(HTTP2Connection.java:208)
at org.eclipse.jetty.http2.server.HTTP2ServerConnection.onOpen(HTTP2ServerConnection.java:116)
at org.eclipse.jetty.io.AbstractEndPoint.upgrade(AbstractEndPoint.java:451)
at org.eclipse.jetty.server.NegotiatingServerConnection.onFillable(NegotiatingServerConnection.java:125)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:558)
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:379)
at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:146)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.run(AdaptiveExecutionStrategy.java:199)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:969)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1194)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149)
at java.base/java.lang.Thread.run(Thread.java:1583)

5 REPLIES 5

avatar
New Contributor

Are you trying to access NiFi using an IP address in your browser? I got the same SNI error, but got round it by using the hostname...

avatar
Super Mentor

@whoknows 

Apache NiFi 2.0.0-M1 requires Java 21 and utilizes Jetty 10.  This results in needing to comply with the SNI specification.  

So the URL used to access your NiFi can not use an IP address and the hostname used must match a hostname found in the SAN entries list with the NiFi's configured keystore PrivateKeyEntry.

Apache NiFi 2.0 out-of-the-box will generate a keystore and truststore.  The keystore will contain a PrivateKeyEntry with a SAN entry for localhost and the server hostname.

If you found any of the suggestions/solutions provided helped you with your issue, please take a moment to login and click "Accept as Solution" on one or more of them that helped.

Thank you,
Matt

avatar
New Contributor

Hello , I have same issue and i tried the recommended solution but none of this works the same error still persists. I tried setting in /etc/hosts file my IP addresses as different names like my.nifi.server , my.server.com etc.. and set that in the nifi.properties file yet no difference in the error. I restarted several times and log error persists.

avatar
Super Mentor

@Vas 

The solution is not as simple as just setting a a hostname resolution in /etc/hosts file.

The hostname you type in the NiFi URL must exist as a SAN entry within the PrivateKey located in NiFi keystore configured in the nifi.properties file.

Matt

avatar
Explorer

I faced the same issue such as Java 21 is installed.

Ghilani_0-1708118379568.png

I got this issue:

Ghilani_1-1708118495903.png


as mentioned in a comment above that we need the hostname:

Ghilani_2-1708118565762.png