Created 07-13-2023 01:09 PM
We are facing no applicable policies issue on nifi ui ,then we renew Kerberos tickit it works ,but after that we got know that cluster status is disconnected
And git below popup.
Please help in this, nifi-app.log not showing any errorexcept one warn, failed to send heartbeat to nifi.cluster.protocal.protocalexception, PKIX validation failed
Created 06-18-2024 01:10 AM
This warning indicates that there might be an issue with the PKIX validation, which is related to the SSL certificates. PKIX validation is used to verify the trustworthiness of SSL certificates during the SSL handshake process. If the validation fails, it means that the SSL certificate cannot be trusted, potentially leading to connection issues. To resolve this issue, you can try the following steps:
1. Check the SSL certificate configuration: Verify that the SSL certificates are correctly configured in the Nifi cluster. Ensure that the certificates are valid and trusted.
2. Check the keystore and truststore: Ensure that the Keystore and Truststore files are properly configured and contain the necessary certificates. Make sure that they have not expired or been revoked.
3. Verify the server's hostname: Ensure that the server hostname in the SSL certificate matches the actual hostname of the Nifi cluster. If they do not match, it can cause PKIX validation failures.
4. Check the time synchronization: Ensure that the system time on all the machines in the Nifi cluster is synchronized. A time difference between machines can lead to certificate validation issues.
5. Update the Java truststore: If the SSL certificate is self-signed or issued by an intermediate CA, it might not be recognized by Java by default. You may need to import the certificate into the Java truststore using the keytool utility.
6. Restart Nifi and validate the cluster status: After making any changes or adjustments, restart Nifi and monitor the cluster status. Check if the disconnectivity issue is resolved.
Created 06-18-2024 01:10 AM
This warning indicates that there might be an issue with the PKIX validation, which is related to the SSL certificates. PKIX validation is used to verify the trustworthiness of SSL certificates during the SSL handshake process. If the validation fails, it means that the SSL certificate cannot be trusted, potentially leading to connection issues. To resolve this issue, you can try the following steps:
1. Check the SSL certificate configuration: Verify that the SSL certificates are correctly configured in the Nifi cluster. Ensure that the certificates are valid and trusted.
2. Check the keystore and truststore: Ensure that the Keystore and Truststore files are properly configured and contain the necessary certificates. Make sure that they have not expired or been revoked.
3. Verify the server's hostname: Ensure that the server hostname in the SSL certificate matches the actual hostname of the Nifi cluster. If they do not match, it can cause PKIX validation failures.
4. Check the time synchronization: Ensure that the system time on all the machines in the Nifi cluster is synchronized. A time difference between machines can lead to certificate validation issues.
5. Update the Java truststore: If the SSL certificate is self-signed or issued by an intermediate CA, it might not be recognized by Java by default. You may need to import the certificate into the Java truststore using the keytool utility.
6. Restart Nifi and validate the cluster status: After making any changes or adjustments, restart Nifi and monitor the cluster status. Check if the disconnectivity issue is resolved.