
NiFi nodes heartbeat issue in secured NiFi cluster with external ZooKeeper

New Contributor

Folks,

We have deployed NiFi with CA via the cetic helm chart on a secured k8s cluster with an external ZooKeeper cluster. Now we are facing an issue when nodes try to send the heartbeat to the coordinator node, which results in a certificate error something like

"nifi path validation failed: java.security.cert.CertPathValidatorException: Path does not chain....."

Any help?


Super Mentor

@SachinMehndirat 


The exception comes from Java and not NiFi's core code base. The exception is possibly being thrown as a result of a failed mutual TLS handshake. Without the complete stack trace and preceding log output it is difficult to give a detailed response here, so below is based on assumptions from what little has been shared.


However, when you see "chain" issues (keeping in mind that output shared is incomplete), that points at missing TrustedCertEntry(s) in the truststore used one side or the other of that TLS handshake.   Both the client and server sides of a TLS handshake present their clientAuth or serverAuth certificate info.  These PrivateKeyEntry certificates will have an owner and issuer (signing Certificate Authority (CA) for the owner).  In order for the receiving sides to trust the certificate presented from the other side, it must trust that CA.  This means that within its truststore, it must have a TrustedCertEntry for the CA that signed the PrivateKey presented in the TLS handshake.  BUT... it does not end there.  The CA may be an intermediate CA meaning that the certificate for that CA was signed by yet another CA.  In that case the truststore would also need the TrustedCertEntry for the next CA in that chain of authority.  A complete trust "chain" would consist of all CAs from signer of PrivateKey to the root CA (root CA public key will have same Distinguished Name (DN) for both owner and signer of the TrustedCertEntry).

So on one side or the other you do not have the complete trust chain in the truststore.

If you found that the provided solution(s) assisted you with your query, please take a moment to log in and click Accept as Solution below each response that helped.

Thank you,

Matt