Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

nifi tls-toolkit service client error

nifi tls-toolkit service client error

New Contributor
Traceback (most recent call last):
  File "/var/lib/ambari-agent/cache/common-services/NIFI/1.0.0/package/scripts/nifi.py", line 231, in <module>
    Master().execute()
  File "/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py", line 375, in execute
    method(env)
  File "/var/lib/ambari-agent/cache/common-services/NIFI/1.0.0/package/scripts/nifi.py", line 152, in start
    self.configure(env, is_starting = True)
  File "/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py", line 120, in locking_configure
    original_configure(obj, *args, **kw)
  File "/var/lib/ambari-agent/cache/common-services/NIFI/1.0.0/package/scripts/nifi.py", line 105, in configure
    params.nifi_properties = nifi_toolkit_util.setup_keystore_truststore(is_starting, params, config_version_file)
  File "/var/lib/ambari-agent/cache/common-services/NIFI/1.0.0/package/scripts/nifi_toolkit_util.py", line 360, in setup_keystore_truststore
    params.toolkit_tmp_dir, params.stack_support_toolkit_update)
  File "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/decorator.py", line 62, in wrapper
    return function(*args, **kwargs)
  File "/var/lib/ambari-agent/cache/common-services/NIFI/1.0.0/package/scripts/nifi_toolkit_util.py", line 389, in run_toolkit_client
    raise Fail("Call to tls-toolkit encountered error: {0}".format(out))
resource_management.core.exceptions.Fail: Call to tls-toolkit encountered error: 2018/04/18 06:57:43 INFO [main] org.apache.nifi.toolkit.tls.service.client.TlsCertificateAuthorityClient: Requesting new certificate from hostname:10443
2018/04/18 06:57:44 INFO [main] org.apache.nifi.toolkit.tls.service.client.TlsCertificateSigningRequestPerformer: Requesting certificate with dn CN=hostname.net,OU=HORTONWORKS from hostname:10443
Service client error: Certificate for <hostname> doesn't match any of the subject alternative names: []

Usage: tls-toolkit service [-h] [args]

Services:
   standalone: Creates certificates and config files for nifi cluster.
   server: Acts as a Certificate Authority that can be used by clients to get Certificates
   client: Generates a private key and gets it signed by the certificate authority. 

status: Checks the status of an HTTPS endpoint by making a GET request using a supplied keystore and truststore.

1 REPLY 1

Re: nifi tls-toolkit service client error

New Contributor

Hello, did you ever find a solution to this? I am experiencing the exact same issue on my cluster.

Don't have an account?
Coming from Hortonworks? Activate your account here