About DianaTorres

DianaTorres · ‎06-25-2024

@aymenech Welcome to the Cloudera Community! To help you get the best possible solution, I have tagged our CDP experts @venkatsambath @abdulpasithali who may be able to assist you further. Please keep us updated on your post, and we hope you find a satisfactory solution to your query.

DianaTorres · ‎06-24-2024

@Mike_CHU44 Has the reply helped resolve your issue? If so, please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future. Thanks.

MaraWang · ‎06-20-2024

It works! Thanks!

Bibiprog · ‎06-19-2024

Tried on 2.0.0-M1, no problem. It looks there is a problem with Jetty v12 introduced at M2. Until potential bug fix, additional conf or workaround, I consider downgrading to M1. Thanks

duhizjame · ‎06-19-2024

We are experiencing the same issue on CDP 7.1.7 calling a spark job from Oozie.

DianaTorres · ‎06-14-2024

@thegreatdakness Welcome to the Cloudera Community! I have reached to you via DM with next steps, thanks!

MattWho · ‎06-14-2024

@helk You can use a single certificate to secure all your nodes, but i would not recommend doing so for security reasons. You risk compromising all your host if any one of them is compromised. Additionally NiFi nodes act as clients and not just servers. This means that all your hosts will identify themselves as the same client (based off DN). So tracking client initiated actions back to a specific node would be more challenging. And if auditing is needed, made very difficult. The SAN is meant to be used to differently. Let's assume you host an endpoint searchengine.com which is back by 100 servers to handle client requests. When a client tries to access searchengine.com that request may get routed to anyone of those 100 servers. The certificate issues to each of those 100 servers is unique to each server; however, every single one of them will have the searchengine.com as an additional SAN entry in addition to their unique hostname. This allows the host verification to still be successful since all 100 are also known as searchengine.com. Your specific issue based on shared output above is caused by the fact that your single certificate does not have "nifi01" in the list of Subject Alternative Names (SAN). It appears you only added nifi02 and nifi03 as SAN entries. The current hostname verification specs no longer use DN for hostname verification. Only the SAN entries are used for that. So all names(hostnames, common names, IPs) that may be used when connecting to a host must be included in the SAN list. NiFi cluster keystore requirements: 1. keystore can contain only ONE privateKeyEntry. 2. PrivateKey can not use wildcards in the DN. 3. PrivateKey must contain both clientAuth and serverAuth Extended Key Usage (EKU). 4. Privatekey must contain at least one SAN entry matching the hostname of server on which keystore will be used. The NiFi truststore must contain the complete trust chain for your cluster node's PrivateKeys. On truststore is typically copied to and used on all nodes. Please help our community thrive. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped. Thank you, Matt

DianaTorres · ‎06-13-2024

@omeraran Has the reply helped resolve your issue? If so, please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future. Thanks.

AkshayAmdocs · ‎06-12-2024

Hi @rki_ , @ChethanYM , @paras , Hope you are doing well! Could you please help us with above issue? Thanks, Akshay

MattWho · ‎06-11-2024

Yes, i believe this to be a legitimate NiFi bug.

Online	Offline
Last Visited	‎01-30-2026 06:38 PM

Member Since	‎11-17-2021 08:08 AM
Last Visited	‎01-30-2026 06:38 PM
Posts	1,128
Kudos received	237

Cloudera Community

Re: Error connecting to NiFi Registry from NiFi UI...

Re: How to change my Account Email Address?

Re: Cannot erase old /opt/cloudera/parcels

Re: Issues Install and Unistall Apache Minifi - Wi...

Re: How to change my company name

Re: How Can Access Cloudera Data Plateform DE or D...

Re: Is it safe to reduce 'Heap dump directory free...

Re: How can I find the version of HBase from Cloud...

Re: Unable to keep connection active with ListenWe...

Re: Oozie job failed due to below error.

Re: Cannot change wrong company name in my profile

Re: Error Securing NiFi Cluster with a Single Cert...

Re: Need Help About Apache NiFi

Re: Kafka Machine not releasing memory from buffrt

Re: Nifi: Flowfile stuck in front of a processor g...