Support Questions
Find answers, ask questions, and share your expertise

NiFi Toolkit CLI SSL Errors

NiFi Toolkit CLI SSL Errors

Hey all. I have a NiFi cluster leveraging certificates generated from the tls-toolkit. I am attempting to use the toolkit cli from one node using the private key/client cert from the initial admin identity user. I am encountering the following SSL errors when leveraging the Toolkit cli (via the cli.sh script)

sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 

I have had success authenticating to the api by using curl and passing the nifi-cert.pem file to the --cacert option (along with the private key and client cert). So it seems that nifi-cert.pem is missing from the truststore that the nifi-api uses. I have tried importing this file (as a der) to the following cacerts files and tested after each import without success:

 
/usr/lib/jvm/java/jre/lib/security/cacerts
/usr/lib/jvm/java-1.8.0-amazon-corretto/jre/lib/security/cacerts
/etc/pki/java/cacerts

I'm out of ideas so any suggestions on how to resolve this issue would be much appreciated.
Thanks.