Support Questions

cjervis · ‎11-29-2021

Hi All,

Our Nifi certificates got expired recently and got a new certificate, followed all the steps like generating truststore,keystore files, generated client certificate, restarted nifi cluster nodes and the nodes started working and connected successfully. There is no abnormality seen in heartbeat as well as beats are received every 5 seconds.We are facing issue accessing Nifi UI from chrome browser after importing the generated client certificate whereas it works perfectly fine in firefox browser. In chrome browser we keep getting "ERR_SSL_BAD_CLIENT_AUTH_CERT". We could see the the request made from firefox in nifi-user.log whereas chrome request is not found. Please help. Thanks.

Regards,

Ilaya

MattWho · ‎12-02-2021

@Ilaya

This is not an issue with NiFi service itself. Chrome for some reason does not like the new certificates being used. I would start by comparing your old certificate with the new and make sure things like ExtendedKeyUsage (EKU) (needs clientAuth and serverAuth) and SubjectAlternativeName (SAN) entries are compete and accurate. Make sure that the complete authority trust chain for your new certificate is present in you browser.

Perhaps this resource maybe helpful as well:
https://thegeekpage.com/bad-ssl-client-auth-cert/

If you found this response assisted with your query, please take a moment to login and click on "Accept as Solution" below this post.

Thank you,

Matt

Cloudera Community

Support Questions

Unable to connect to NiFi UI from chrome browser after importing client certificate