Support Questions

Find answers, ask questions, and share your expertise

Unable to generate client certificate for Minifi

Rising Star

Hi,

Please, kindly help.

Use Case:

Minifi should send logs to a Secured 3 Nodes Nifi Cluster;

 

Method:

I am trying to generate client certificate on one of the Nifi nodes(https://masternode:9443)to use for minifi configuration file.

I ran this command:

./tls-toolkit.sh client -c masternode -D 'CN=nifiadmin, OU=NIFI' -C /tmp/minifi/ -t nifinifinifinifi

 

ERROR:

tls-toolkit.sh: JAVA_HOME not set; results may vary
[main] INFO org.apache.nifi.toolkit.tls.service.client.TlsCertificateAuthorityClient - Requesting new certificate from masternode:9443
[main] INFO org.apache.nifi.toolkit.tls.service.client.TlsCertificateSigningRequestPerformer - Requesting certificate with dn CN=nifiadmin,OU=NIFI from masternode:9443
Service client error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 

Thank you.

1 ACCEPTED SOLUTION

Rising Star

I finally got it.

I copied one of the standalone truststore.jks & keystore.jks i generated for the server nodes. Then pasted into the conf folder of the Minifi. Also, i updated the yml file with the password( the one i used when generating the certificate) & the path to the truststore.jks & keystore.jks.

So, everything works perfectly.

Thank you.

View solution in original post

2 REPLIES 2

Rising Star

I finally got it.

I copied one of the standalone truststore.jks & keystore.jks i generated for the server nodes. Then pasted into the conf folder of the Minifi. Also, i updated the yml file with the password( the one i used when generating the certificate) & the path to the truststore.jks & keystore.jks.

So, everything works perfectly.

Thank you.

Community Manager

Congratulations on resolving your issue and thank you for sharing so it may be of assistance to others. 


Cy Jervis, Manager, Community Program
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.