Support Questions

Find answers, ask questions, and share your expertise

Faceing Cluster connection issue with nifi ui

avatar
Explorer

We are facing no applicable policies issue on nifi ui ,then we renew Kerberos tickit it works ,but after that we got know that cluster status is disconnected

And git below popup. 

IMG20230714013221.jpg

 

 

 

 

 

 

Please help in this, nifi-app.log not showing any errorexcept one warn, failed to send heartbeat to nifi.cluster.protocal.protocalexception, PKIX validation failed

 

1 ACCEPTED SOLUTION

avatar
Master Collaborator

This warning indicates that there might be an issue with the PKIX validation, which is related to the SSL certificates. PKIX validation is used to verify the trustworthiness of SSL certificates during the SSL handshake process. If the validation fails, it means that the SSL certificate cannot be trusted, potentially leading to connection issues. To resolve this issue, you can try the following steps:

1. Check the SSL certificate configuration: Verify that the SSL certificates are correctly configured in the Nifi cluster. Ensure that the certificates are valid and trusted.

2. Check the keystore and truststore: Ensure that the Keystore and Truststore files are properly configured and contain the necessary certificates. Make sure that they have not expired or been revoked.

3. Verify the server's hostname: Ensure that the server hostname in the SSL certificate matches the actual hostname of the Nifi cluster. If they do not match, it can cause PKIX validation failures.

4. Check the time synchronization: Ensure that the system time on all the machines in the Nifi cluster is synchronized. A time difference between machines can lead to certificate validation issues.

5. Update the Java truststore: If the SSL certificate is self-signed or issued by an intermediate CA, it might not be recognized by Java by default. You may need to import the certificate into the Java truststore using the keytool utility.

6. Restart Nifi and validate the cluster status: After making any changes or adjustments, restart Nifi and monitor the cluster status. Check if the disconnectivity issue is resolved. 

View solution in original post

1 REPLY 1

avatar
Master Collaborator

This warning indicates that there might be an issue with the PKIX validation, which is related to the SSL certificates. PKIX validation is used to verify the trustworthiness of SSL certificates during the SSL handshake process. If the validation fails, it means that the SSL certificate cannot be trusted, potentially leading to connection issues. To resolve this issue, you can try the following steps:

1. Check the SSL certificate configuration: Verify that the SSL certificates are correctly configured in the Nifi cluster. Ensure that the certificates are valid and trusted.

2. Check the keystore and truststore: Ensure that the Keystore and Truststore files are properly configured and contain the necessary certificates. Make sure that they have not expired or been revoked.

3. Verify the server's hostname: Ensure that the server hostname in the SSL certificate matches the actual hostname of the Nifi cluster. If they do not match, it can cause PKIX validation failures.

4. Check the time synchronization: Ensure that the system time on all the machines in the Nifi cluster is synchronized. A time difference between machines can lead to certificate validation issues.

5. Update the Java truststore: If the SSL certificate is self-signed or issued by an intermediate CA, it might not be recognized by Java by default. You may need to import the certificate into the Java truststore using the keytool utility.

6. Restart Nifi and validate the cluster status: After making any changes or adjustments, restart Nifi and monitor the cluster status. Check if the disconnectivity issue is resolved.