Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Unable to generate client certificate for Minifi

avatar
Contributor

Hi,

Please, kindly help.

Use Case:

Minifi should send logs to a Secured 3 Nodes Nifi Cluster;

 

Method:

I am trying to generate client certificate on one of the Nifi nodes(https://masternode:9443)to use for minifi configuration file.

I ran this command:

./tls-toolkit.sh client -c masternode -D 'CN=nifiadmin, OU=NIFI' -C /tmp/minifi/ -t nifinifinifinifi

 

ERROR:

tls-toolkit.sh: JAVA_HOME not set; results may vary
[main] INFO org.apache.nifi.toolkit.tls.service.client.TlsCertificateAuthorityClient - Requesting new certificate from masternode:9443
[main] INFO org.apache.nifi.toolkit.tls.service.client.TlsCertificateSigningRequestPerformer - Requesting certificate with dn CN=nifiadmin,OU=NIFI from masternode:9443
Service client error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 

Thank you.

1 ACCEPTED SOLUTION

avatar
Contributor

I finally got it.

I copied one of the standalone truststore.jks & keystore.jks i generated for the server nodes. Then pasted into the conf folder of the Minifi. Also, i updated the yml file with the password( the one i used when generating the certificate) & the path to the truststore.jks & keystore.jks.

So, everything works perfectly.

Thank you.

View solution in original post

2 REPLIES 2

avatar
Contributor

I finally got it.

I copied one of the standalone truststore.jks & keystore.jks i generated for the server nodes. Then pasted into the conf folder of the Minifi. Also, i updated the yml file with the password( the one i used when generating the certificate) & the path to the truststore.jks & keystore.jks.

So, everything works perfectly.

Thank you.

avatar
Community Manager

Congratulations on resolving your issue and thank you for sharing so it may be of assistance to others. 


Cy Jervis, Manager, Community Program
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.