Support Questions

Find answers, ask questions, and share your expertise
Check out our newest addition to the community, the Cloudera Data Analytics (CDA) group hub.

nifi tls-toolkit service client error

Traceback (most recent call last):
  File "/var/lib/ambari-agent/cache/common-services/NIFI/1.0.0/package/scripts/", line 231, in <module>
  File "/usr/lib/python2.6/site-packages/resource_management/libraries/script/", line 375, in execute
  File "/var/lib/ambari-agent/cache/common-services/NIFI/1.0.0/package/scripts/", line 152, in start
    self.configure(env, is_starting = True)
  File "/usr/lib/python2.6/site-packages/resource_management/libraries/script/", line 120, in locking_configure
    original_configure(obj, *args, **kw)
  File "/var/lib/ambari-agent/cache/common-services/NIFI/1.0.0/package/scripts/", line 105, in configure
    params.nifi_properties = nifi_toolkit_util.setup_keystore_truststore(is_starting, params, config_version_file)
  File "/var/lib/ambari-agent/cache/common-services/NIFI/1.0.0/package/scripts/", line 360, in setup_keystore_truststore
    params.toolkit_tmp_dir, params.stack_support_toolkit_update)
  File "/usr/lib/python2.6/site-packages/resource_management/libraries/functions/", line 62, in wrapper
    return function(*args, **kwargs)
  File "/var/lib/ambari-agent/cache/common-services/NIFI/1.0.0/package/scripts/", line 389, in run_toolkit_client
    raise Fail("Call to tls-toolkit encountered error: {0}".format(out))
resource_management.core.exceptions.Fail: Call to tls-toolkit encountered error: 2018/04/18 06:57:43 INFO [main] org.apache.nifi.toolkit.tls.service.client.TlsCertificateAuthorityClient: Requesting new certificate from hostname:10443
2018/04/18 06:57:44 INFO [main] org.apache.nifi.toolkit.tls.service.client.TlsCertificateSigningRequestPerformer: Requesting certificate with dn,OU=HORTONWORKS from hostname:10443
Service client error: Certificate for <hostname> doesn't match any of the subject alternative names: []

Usage: tls-toolkit service [-h] [args]

   standalone: Creates certificates and config files for nifi cluster.
   server: Acts as a Certificate Authority that can be used by clients to get Certificates
   client: Generates a private key and gets it signed by the certificate authority. 

status: Checks the status of an HTTPS endpoint by making a GET request using a supplied keystore and truststore.


New Contributor

Hello, did you ever find a solution to this? I am experiencing the exact same issue on my cluster.

Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.