Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Unable to generate client certificate for Minifi

avatar
author-rank rafy
Contributor

Created ‎06-26-2022 11:34 PM

Hi,

Please, kindly help.

Use Case:

Minifi should send logs to a Secured 3 Nodes Nifi Cluster;

 

Method:

I am trying to generate client certificate on one of the Nifi nodes(https://masternode:9443)to use for minifi configuration file.

I ran this command:

./tls-toolkit.sh client -c masternode -D 'CN=nifiadmin, OU=NIFI' -C /tmp/minifi/ -t nifinifinifinifi

 

ERROR:

tls-toolkit.sh: JAVA_HOME not set; results may vary
[main] INFO org.apache.nifi.toolkit.tls.service.client.TlsCertificateAuthorityClient - Requesting new certificate from masternode:9443
[main] INFO org.apache.nifi.toolkit.tls.service.client.TlsCertificateSigningRequestPerformer - Requesting certificate with dn CN=nifiadmin,OU=NIFI from masternode:9443
Service client error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 

Thank you.

1,212 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank rafy
Contributor

Created ‎06-28-2022 09:43 PM

I finally got it.

I copied one of the standalone truststore.jks & keystore.jks i generated for the server nodes. Then pasted into the conf folder of the Minifi. Also, i updated the yml file with the password( the one i used when generating the certificate) & the path to the truststore.jks & keystore.jks.

So, everything works perfectly.

Thank you.

View solution in original post

1,183 Views
2 REPLIES 2

avatar
author-rank rafy
Contributor

Created ‎06-28-2022 09:43 PM

I finally got it.

I copied one of the standalone truststore.jks & keystore.jks i generated for the server nodes. Then pasted into the conf folder of the Minifi. Also, i updated the yml file with the password( the one i used when generating the certificate) & the path to the truststore.jks & keystore.jks.

So, everything works perfectly.

Thank you.

1,184 Views

avatar
author-rank cjervis author-rank
Community Manager

Created ‎06-29-2022 04:58 AM

Congratulations on resolving your issue and thank you for sharing so it may be of assistance to others. 


Cy Jervis, Manager, Community Program
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
1,167 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements