
Apache Nifi Invalid SNI

New Contributor

Hello, I just installed Apache NiFi on Linux CentOS and for testing purposes I have this configuration in

```
nifi.web.https.port=8443
```

I saw a solution from here saying that Jetty 10 doesn't accept IP addresses but instead hostnames, so what I did was to change etc/hosts to -> nifi.local and used that for the configuration of the file. I run https://nifi.local:8443 in the browser and I get the same error :( Can someone assist please?

```
HTTP ERROR 400 Invalid SNI
URI: /nifi
STATUS: 400
MESSAGE: Invalid SNI
SERVLET: -
CAUSED BY: org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI
Caused by:

org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI
    at org.eclipse.jetty.server.SecureRequestCustomizer.customize(
    at org.eclipse.jetty.server.SecureRequestCustomizer.customize(
    at org.eclipse.jetty.server.HttpChannel$RequestDispatchable.dispatch(
    at org.eclipse.jetty.server.HttpChannel.dispatch(
    at org.eclipse.jetty.server.HttpChannel.handle(
    at
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(
    at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(
    at org.eclipse.jetty.util.thread.QueuedThreadPool$
    at java.base/
```


New Contributor

Just to update on what I use: it is the latest NiFi 2.0 with Java 21. I double- and triple-checked the file, and straight out of the box the keystorep12 and truststorep12 files seem correct. I tried many combinations of IP addresses in the field, including raw addresses and hostnames, but nothing works for me. If someone with more experience could help me I would greatly appreciate it!

New Contributor

Did you find a solution? @Vas

Super Mentor

The straight out of the box generated keystore and truststore will not have "nifi.local" as a SAN entry.  

You could generate your own keystore and truststore with needed SAN entry(s).




In 2.0, the only thing that worked, especially if you use the out-of-the-box SSL configuration, is placing localhost in property. To use the machine FQDN you need to configure a new SSL truststore and keystore against that domain.
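
One way to do what the two replies above describe, building a keystore and truststore whose certificate carries the needed SAN entries and then checking which names it covers, using the JDK's `keytool`. This is an added example, not part of the thread or NiFi's own tooling; the aliases `nifi-key`/`nifi-cert`, the output file names and the `NIFI_STORE_PASS` variable are assumptions.

```shell
#!/bin/sh
# Added example: self-signed PKCS12 keystore/truststore with explicit SAN entries.
# Assumed names: aliases nifi-key/nifi-cert, file names, NIFI_STORE_PASS variable.

# Build keytool's -ext value from the names clients will put in the URL.
# IP literals become ip: entries, everything else becomes dns: entries.
san_ext() {
    out=""
    for h in "$@"; do
        case "$h" in
            *:*)       kind=ip ;;   # IPv6 literal
            *[!0-9.]*) kind=dns ;;  # contains something other than digits/dots
            *.*.*.*)   kind=ip ;;   # digits and dots only: IPv4 literal
            *)         kind=dns ;;
        esac
        out="${out:+$out,}$kind:$h"
    done
    printf 'SAN=%s\n' "$out"
}

# make_stores DIR NAME [NAME...]: the first NAME is also used as the CN.
# The password is read from $NIFI_STORE_PASS so it stays off the command line.
make_stores() {
    dir=$1; shift
    keytool -genkeypair -alias nifi-key -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=$1" -ext "$(san_ext "$@")" \
        -keystore "$dir/keystore.p12" -storetype PKCS12 \
        -storepass:env NIFI_STORE_PASS &&
    keytool -exportcert -rfc -alias nifi-key -file "$dir/nifi-cert.pem" \
        -keystore "$dir/keystore.p12" -storepass:env NIFI_STORE_PASS &&
    keytool -importcert -noprompt -alias nifi-cert -file "$dir/nifi-cert.pem" \
        -keystore "$dir/truststore.p12" -storetype PKCS12 \
        -storepass:env NIFI_STORE_PASS
}

# Print the SAN block of each certificate in a keystore, to confirm which
# host names it actually covers before pointing a browser at it.
list_sans() {
    keytool -list -v -keystore "$1" -storetype PKCS12 \
        -storepass:env NIFI_STORE_PASS |
        sed -n '/SubjectAlternativeName/,/^]/p'
}

# Run as: NIFI_STORE_PASS=... sh make-stores.sh ./conf nifi.local localhost
if [ "$#" -ge 2 ]; then
    make_stores "$@" && list_sans "$1/keystore.p12"
fi
```

Afterwards, point `nifi.security.keystore` and `nifi.security.truststore` (with their type and password properties) in nifi.properties at the new files, and browse to a name that appears in the printed SAN list.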

Expert Contributor