Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

NiFi Slack Integration issue - 1.26.0

Labels:
avatar
author-rank Vikas-Nifi
Explorer

Created on ‎06-26-2024 06:23 AM - edited ‎06-26-2024 06:23 AM

Hi,

Getting below error while calling Slack channel from Nifi. Used putSlack Processor.

"o.apache.nifi.processors.slack.PutSlack : Failed to open connection
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target "

I have added slack cert in to my truststore.

Slack-Cert.png

I am trying to get it tested in local (haven't deployed in to environment server). Added the channel name and webhookURL  (which generated under "companyName.slack.com") 

putSlack.png

Is there anything i need to add it in local truststore to work?.

Please help

@MattWho @SAMSAL @cotopaul 

 

89 Views
0 Kudos
1 REPLY 1

avatar
author-rank MattWho author-rank
Super Mentor

Created ‎07-02-2024 07:33 AM

@Vikas-Nifi 

the following error is directly related to failure to establish certificate trust in the TLS exchange between NiFi's putSlack processor and your slack server:

javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target "


The putSlack processor utilizes the StandardRestrictedSSLContextService to define keystore and truststore files the putSlack processor will use.  The truststore must contain the complete trustchain for the target slack server's serverAuth certificate.

You can use:

openssl s_client -connect <companyName.slack.com>:443 -showcerts

to get an output of all public certs included with the serverAuth cert.

I noticed with my slack endpoint that was not the complete trust chain (root CA certificate for ISRG Root X1 was missing from the chain).

You can download the missing rootCA public cert directly from let's encrypt and add it to the truststore set in the StandardRestrictedSSLContextService.

https://letsencrypt.org/certificates/

https://letsencrypt.org/certs/isrgrootx1.pem
https://letsencrypt.org/certs/isrg-root-x2.pem

You might also want to make sure all intermediate CAs are also added and not just the intermediate returned by the openssl command just in case server changes that you get directed to.

Please help our community grow. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped.

Thank you,
Matt



17 Views
0 Kudos
webinar banner
Announcements
Product Announcements
[ANNOUNCE] Cloudera Data Services 1.5.4 on Private Cloud Rel...
What's New @ Cloudera
Run your Apache NiFi and Apache Kafka workloads on Kubernete...
What's New @ Cloudera
Cloudera DataFlow now powers GenAI pipelines and supports ch...
Community Announcements
May 2024 Community Highlights
What's New @ Cloudera
Cloudera Operational Database (COD) supports instance group ...
View More Announcements
meetups banner