Created 12-07-2023 08:44 AM
Hello i just installed APACHE Nifi in Linux CentOS and for testing purposes i have this configuration in nifi.properties <pre>nifi.web.https.host=127.0.0.1 nifi.web.https.port=8443 </pre> I saw a solution from here saying that Jetty 10 doesn't accept IP address but instead hostnames, so what I did was to change etc/hosts to 127.0.0.1 -> nifi.local and used that nifi.web.https.host=nifi.local for the configuration of the nifi.properties file. I run in browser https://nifi.local:8443 and i get the same error:( Can someone assist please?
`HTTP ERROR 400 Invalid SNI URI: /nifi STATUS: 400 MESSAGE: Invalid SNI SERVLET: - CAUSED BY: org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI Caused by:
org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI at org.eclipse.jetty.server.SecureRequestCustomizer.customize(SecureRequestCustomizer.java:266) at org.eclipse.jetty.server.SecureRequestCustomizer.customize(SecureRequestCustomizer.java:207) at org.eclipse.jetty.server.HttpChannel$RequestDispatchable.dispatch(HttpChannel.java:1594) at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:753) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:501) at org.eclipse.jetty.server.HttpChannel.run(HttpChannel.java:461) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:969) at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1194) at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149) at java.base/java.lang.Thread.run(Thread.java:1583)
Created 12-07-2023 08:48 AM
Just to update on what I use. Is latest Nifi 2.0 with Java 21. I double tripled check the nifi.properties file and straight out of the box the keystorep12 and truststorep12 files seem correct. I tried many combinations of IP addresses in the nifi.web.https.host field including raw adresses and hostnames but nothing works for me.. If someone with more experience could help me i would greatly appreciate it!
Created 03-20-2024 01:42 AM
did you find a solution ? @Vas
Created 03-20-2024 12:14 PM
@Vas
The straight out of the box generated keystore and truststore will not have "nifi.local" as a SAN entry.
You could generate your own keystore and truststore with needed SAN entry(s).
If you found any of the suggestions/solutions provided helped you with your issue, please take a moment to login and click "Accept as Solution" on one or more of them that helped.
Thank you,
Matt
Created 03-20-2024 02:11 AM
Hi,
In 2.0 , the only thing that worked specially if you use out of the box ssl configuration is placing localhost in nifi.web.https.host property. To use the machine FQDN you need to configure new ssl truststore and keystore against that domain.
Created 05-21-2024 12:57 AM