01-09-2024
09:17 AM
I checked the output with openssl, and it reports a self-signed certificate in the issuing chain. I posted that output above. I don't know whether you can see any errors in it that I haven't noticed.
01-09-2024
09:15 AM
[root@runtime-1 /opt/orchsym/runtime-ee]# openssl s_client -connect runtime-1.runtime-statefulset.default.svc.cluster.local:443 -showcerts CONNECTED(00000003) depth=1 OU = orchsym.com, CN = ca verify error:num=19:self signed certificate in certificate chain --- Certificate chain 0 s:/OU=orchsym.com/CN=runtime-1.runtime-statefulset.default.svc.cluster.local i:/OU=orchsym.com/CN=ca -----BEGIN CERTIFICATE----- MIIDZTCCAk2gAwIBAgIJAOda8vSMjty7MA0GCSqGSIb3DQEBCwUAMCMxFDASBgNV BAsMC29yY2hzeW0uY29tMQswCQYDVQQDDAJjYTAgFw0yNDAxMDkxNjU5NTlaGA8y MDUxMDUyNjE2NTk1OVowWDEUMBIGA1UECwwLb3JjaHN5bS5jb20xQDA+BgNVBAMM N3J1bnRpbWUtMS5ydW50aW1lLXN0YXRlZnVsc2V0LmRlZmF1bHQuc3ZjLmNsdXN0 ZXIubG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiqFVT+BcV L/7RdRz26cXeUw8ifP3omnTm3f4MzRHOOvlJMqQaoUdsDTooReYl4uF07vPmewGG iOKhU4R4veucf9WNIzCY52PaDlcnPDcQhJisytHK+L+Cca5kNZ+eUzk8ywe5zR1a t760THdweuHNeh9UaKkXgjDu0XdWh80VQ2rWOrbsJzikyUlAZ7olV/boGXD05EtX mUG0a5K9KOccPn7HLOv3nOas0fqWDj2bYhxhCU8dwT2LaiNbsIyph7INZGp8ZxzT T70ZpDJKguzGOSZwRTEyvCC3CjqjS4CWPB5RPQEYKHrPc0t5bXuixToITySgIX1/ BPL8RxftkpDFAgMBAAGjZTBjMEIGA1UdEQQ7MDmCN3J1bnRpbWUtMS5ydW50aW1l LXN0YXRlZnVsc2V0LmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwwHQYDVR0lBBYw FAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQCS1zXSEU72 GF7K9L6Cjdc9dTB8/+d31IDPzQBPwtBTjHODz3PSYCaXnf08CZzEcM4KrzXrBfeM LFjRnfD7tpM06hfRAqnACfAF5I9M6P6tXopaTQ5YOHerDnJJgvStdYd0yAh19/zu 8+Qvmjd5bdZ1h9adA1wXbvWfL1hEbJUHs/Zjx0qDYP4R06pM+TR6SbjCNxqvsJDJ 8ELpNp8Ykda7ht0vFqILAhJgNK4OV6Akklfv/Tkk0KXTMmws/tLfhz+MuLu/uj2f p0BHlwUniIo2IthM0DAOSBJblZhGdCbMeNh2SiLMQ1Xg2QX3L0g5CZK84TRnnuKH MNWaCMfYo6Yv -----END CERTIFICATE----- 1 s:/OU=orchsym.com/CN=ca i:/OU=orchsym.com/CN=ca -----BEGIN CERTIFICATE----- MIIDGTCCAgGgAwIBAgIJANdiG5dyjQzgMA0GCSqGSIb3DQEBCwUAMCMxFDASBgNV BAsMC29yY2hzeW0uY29tMQswCQYDVQQDDAJjYTAeFw0yNDAxMDgxNTUwMzRaFw0z NDAxMDUxNTUwMzRaMCMxFDASBgNVBAsMC29yY2hzeW0uY29tMQswCQYDVQQDDAJj YTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANsBJ0dfZkk1efw2EgKt 
3b8AynVDq3B/UKRmtkVJmvH+Ja4lfqlpcZMO8L4cCNOHJzEPHFSitlQoagTmiBL0 axnrd5upk3UlM/JctZOCBVwR9d2t0RE6Z7P7HAaFyxJXGj7oYC7xjYxuVVuN56B9 BTZWX6X9k2Dz659cTsLsQGc0Uf69chuUvN0kycm3DpKBRVSg2kc8e9Rbnn+w69J6 fE6goEixE5ysZAwzDTUHnx9GiRI0l8BEOqki8yoGahRZzEBw3OpWfvStqfXROMN/ +mPzN9EHAowyNGLbjbusmDAsJ7ojB39klxm8qvUDY71sVY7stGoCUxXLvTRgXAct xo0CAwEAAaNQME4wHQYDVR0OBBYEFGU5/OVYAsw5Vg6b9KTuu6y5/OmzMB8GA1Ud IwQYMBaAFGU5/OVYAsw5Vg6b9KTuu6y5/OmzMAwGA1UdEwQFMAMBAf8wDQYJKoZI hvcNAQELBQADggEBAKnim+IdTeDy7KmWZxAyj2qGyz/cSK2dqkYU1iLcc492mXFU RtD+ZTI7zGOFfZ1i7TIX7+Or2SjJ1EeCBUJLVt0nHnESWQR7TlTn03wFwLyf95Bd 3e+OqDUdj3DhWp1bfb0JIbWBA6nLBNLOjgCjpV/X8m9o0+3E6FV/zjbjUNlpZXra Gwmi839Ko+9KX/44tTgLMQKB34H28k4HBnunnD/GUImXYchzeSnlmFpheKQ0/MVM LVDSX3BZFPpImmmaqithUOT+MRRfQL/MRpVqLy1oja5RVpP+kKPZxo2p9wn3heyP PjaC4NSkV6E4hdddOkVIz01jO9Bxse9aCpfPo34= -----END CERTIFICATE----- --- Server certificate subject=/OU=orchsym.com/CN=runtime-1.runtime-statefulset.default.svc.cluster.local issuer=/OU=orchsym.com/CN=ca --- Acceptable client certificate CA names /OU=orchsym.com/CN=ca Client Certificate Types: RSA sign, DSA sign, ECDSA sign Requested Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:DSA+SHA256:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1 Shared Requested Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:DSA+SHA256:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1 Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 2290 bytes and written 483 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-SHA384 Session-ID: 659D7F31DA4A0985B0E70BC8EBF9000310D5D5959F18ADB88E42283E98010508 Session-ID-ctx: Master-Key: 
0E9CE0E6F358A489908FA748D77876B1A66B6D8FDF9BC906BEC55442700D0A59EBF62AED6A88D42FD4FF4A375BBE1438 Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None Start Time: 1704820529 Timeout : 300 (sec) Verify return code: 19 (self signed certificate in certificate chain) ---
01-09-2024
09:15 AM
[root@runtime-1 /opt/orchsym/runtime-ee]# openssl s_client -connect runtime-0.runtime-statefulset.default.svc.cluster.local:443 -showcerts CONNECTED(00000003) depth=1 OU = orchsym.com, CN = ca verify error:num=19:self signed certificate in certificate chain --- Certificate chain 0 s:/OU=orchsym.com/CN=runtime-0.runtime-statefulset.default.svc.cluster.local i:/OU=orchsym.com/CN=ca -----BEGIN CERTIFICATE----- MIIDZTCCAk2gAwIBAgIJAMjrw8P09eTSMA0GCSqGSIb3DQEBCwUAMCMxFDASBgNV BAsMC29yY2hzeW0uY29tMQswCQYDVQQDDAJjYTAgFw0yNDAxMDkxNzAwMzVaGA8y MDUxMDUyNjE3MDAzNVowWDEUMBIGA1UECwwLb3JjaHN5bS5jb20xQDA+BgNVBAMM N3J1bnRpbWUtMC5ydW50aW1lLXN0YXRlZnVsc2V0LmRlZmF1bHQuc3ZjLmNsdXN0 ZXIubG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYDBOx7r3e 33zFDM8VilMZU4J/oWYKUe0eesd9gWsqIMUm26/ImQVN0aQIrOylLOLftcEXkQp8 BAkuo+IgbBzoQBEqDmHsktwcLld+04tRQMijL7RbieqN0sMqoHs/XRdB7bhfel73 ffnBQ2nctZCynuTQ7aem5ubzKMm5oQRPXPB5jJ3A5FwKy/F4lpdJsEZRVVohl0xt kTIxpxvEu8OpuElajh34Lhn59yVNS4qkubsOE7ll+RPzHve0YeuUZXEjK41N3zLI zNe5HDVGYpI6sQdGinY/u+2lP5Vm7LDFm67PjT/LfrQ/g5CRzo1dHxyniN0zuSg2 VTIV94Z8takhAgMBAAGjZTBjMEIGA1UdEQQ7MDmCN3J1bnRpbWUtMC5ydW50aW1l LXN0YXRlZnVsc2V0LmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwwHQYDVR0lBBYw FAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQDFAmP0YLbN Cy0d/QPiXYhbOLWEGC+/Y1xMMIxfo6uxlhThp97IU0AFk9Q9sC/DTZ092+Mccp3w eImOswQWiHjT+CKYpwpgnD5lQLf1l/6WNT/ffnRoCVH/iq6kkRp38KUI0l205kAw 2ZKlbS8AC1GC6U4ZEETgUjN1kSbgo3iA6oq9RKd0vi9gC3OfZg9NeSUGbil1rFrt 9jtGQgqu0WGe/mVFJ6wqS4yXvSavAVCpm7AQh00CwgtCGTIZ/zZmO9YtW/LwdTfC h80ypeUVyekzpFANNPSjMp2JgP4PuwUX+RITq86n2biIQAgPf5KgGvvOgd4cEY2w E6m0oHH8zgY0 -----END CERTIFICATE----- 1 s:/OU=orchsym.com/CN=ca i:/OU=orchsym.com/CN=ca -----BEGIN CERTIFICATE----- MIIDGTCCAgGgAwIBAgIJANdiG5dyjQzgMA0GCSqGSIb3DQEBCwUAMCMxFDASBgNV BAsMC29yY2hzeW0uY29tMQswCQYDVQQDDAJjYTAeFw0yNDAxMDgxNTUwMzRaFw0z NDAxMDUxNTUwMzRaMCMxFDASBgNVBAsMC29yY2hzeW0uY29tMQswCQYDVQQDDAJj YTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANsBJ0dfZkk1efw2EgKt 
3b8AynVDq3B/UKRmtkVJmvH+Ja4lfqlpcZMO8L4cCNOHJzEPHFSitlQoagTmiBL0 axnrd5upk3UlM/JctZOCBVwR9d2t0RE6Z7P7HAaFyxJXGj7oYC7xjYxuVVuN56B9 BTZWX6X9k2Dz659cTsLsQGc0Uf69chuUvN0kycm3DpKBRVSg2kc8e9Rbnn+w69J6 fE6goEixE5ysZAwzDTUHnx9GiRI0l8BEOqki8yoGahRZzEBw3OpWfvStqfXROMN/ +mPzN9EHAowyNGLbjbusmDAsJ7ojB39klxm8qvUDY71sVY7stGoCUxXLvTRgXAct xo0CAwEAAaNQME4wHQYDVR0OBBYEFGU5/OVYAsw5Vg6b9KTuu6y5/OmzMB8GA1Ud IwQYMBaAFGU5/OVYAsw5Vg6b9KTuu6y5/OmzMAwGA1UdEwQFMAMBAf8wDQYJKoZI hvcNAQELBQADggEBAKnim+IdTeDy7KmWZxAyj2qGyz/cSK2dqkYU1iLcc492mXFU RtD+ZTI7zGOFfZ1i7TIX7+Or2SjJ1EeCBUJLVt0nHnESWQR7TlTn03wFwLyf95Bd 3e+OqDUdj3DhWp1bfb0JIbWBA6nLBNLOjgCjpV/X8m9o0+3E6FV/zjbjUNlpZXra Gwmi839Ko+9KX/44tTgLMQKB34H28k4HBnunnD/GUImXYchzeSnlmFpheKQ0/MVM LVDSX3BZFPpImmmaqithUOT+MRRfQL/MRpVqLy1oja5RVpP+kKPZxo2p9wn3heyP PjaC4NSkV6E4hdddOkVIz01jO9Bxse9aCpfPo34= -----END CERTIFICATE----- --- Server certificate subject=/OU=orchsym.com/CN=runtime-0.runtime-statefulset.default.svc.cluster.local issuer=/OU=orchsym.com/CN=ca --- Acceptable client certificate CA names /OU=orchsym.com/CN=ca Client Certificate Types: RSA sign, DSA sign, ECDSA sign Requested Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:DSA+SHA256:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1 Shared Requested Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:DSA+SHA256:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1 Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 2290 bytes and written 483 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-SHA384 Session-ID: 659D7F10CB1256340096AE6B793A0EF99256807F5742D7B70EC637F0C1C8B5B6 Session-ID-ctx: Master-Key: 
3954CAAFF578E3D28D47394B42DBD2CE432D0D86C1D2C1D560BB2AF1E6AF982E812B40AD0D6142A2990622726C4B5399 Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None Start Time: 1704820496 Timeout : 300 (sec) Verify return code: 19 (self signed certificate in certificate chain) ---
01-08-2024
07:34 PM
It was after I logged in that the problem occurred.
01-08-2024
07:33 PM
Please ignore the difference between runtime-0.runtime-statefulset.default.svc.cluster.local and runtime-0.runtime-statefulseheadless.default.svc.cluster.local: I am changing the DNS name of the current cluster nodes from the former to the latter.
01-08-2024
07:31 PM
Yes, all other nodes are issued with the same CA certificate. Here are the details of my certificate: runtime-0 node: [root@runtime-0 /opt/orchsym/runtime-ee/conf]# keytool -v -list -keystore keystore.jks Enter keystore password: Keystore type: jks Keystore provider: SUN Your keystore contains 1 entry Alias name: runtime-0.runtime-statefulseheadless.default.svc.cluster.local Creation date: Jan 9, 2024 Entry type: PrivateKeyEntry Certificate chain length: 2 Certificate[1]: Owner: CN=runtime-0.runtime-statefulseheadless.default.svc.cluster.local, OU=orchsym.com Issuer: CN=ca, OU=orchsym.com Serial number: 95a5fed51b7682f7 Valid from: Tue Jan 09 11:28:46 CST 2024 until: Fri May 26 11:28:46 CST 2051 Certificate fingerprints: MD5: F5:47:4A:ED:84:39:A6:CE:2E:3F:66:E2:9F:13:85:CF SHA1: C4:B8:DB:86:AB:7C:7F:60:16:7B:02:64:67:E0:82:67:65:F9:C9:55 SHA256: 54:55:A1:C6:BE:5F:F4:2A:8B:AB:05:F1:23:A6:AF:62:3F:4C:1F:97:F7:86:CD:7F:44:27:82:AA:28:78:D6:B5 Signature algorithm name: SHA256withRSA Subject Public Key Algorithm: 2048-bit RSA key Version: 3 Extensions: #1: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverAuth clientAuth ] #2: ObjectId: 2.5.29.17 Criticality=false SubjectAlternativeName [ DNSName: runtime-0.runtime-statefulseheadless.default.svc.cluster.local ] Certificate[2]: Owner: CN=ca, OU=orchsym.com Issuer: CN=ca, OU=orchsym.com Serial number: d7621b97728d0ce0 Valid from: Mon Jan 08 23:50:34 CST 2024 until: Thu Jan 05 23:50:34 CST 2034 Certificate fingerprints: MD5: 66:8E:AA:A6:9B:66:E8:48:43:F0:AB:EF:7C:4A:28:09 SHA1: DD:EB:20:4E:D1:39:86:87:65:21:6D:BF:8A:FE:35:CB:EB:80:6D:75 SHA256: AE:F6:10:DE:50:D2:B2:08:A9:7E:BC:1F:21:89:B7:D4:AD:DB:02:C5:E3:C3:B4:38:FF:28:61:07:A9:EB:B9:4D Signature algorithm name: SHA256withRSA Subject Public Key Algorithm: 2048-bit RSA key Version: 3 Extensions: #1: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 65 39 FC E5 58 02 CC 39 56 0E 9B F4 A4 EE BB AC e9..X..9V....... 
0010: B9 FC E9 B3 .... ] ] #2: ObjectId: 2.5.29.19 Criticality=false BasicConstraints:[ CA:true PathLen:2147483647 ] #3: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 65 39 FC E5 58 02 CC 39 56 0E 9B F4 A4 EE BB AC e9..X..9V....... 0010: B9 FC E9 B3 .... ] ] ******************************************* ******************************************* [root@runtime-0 /opt/orchsym/runtime-ee/conf]# keytool -v -list -keystore truststore.jks Enter keystore password: Keystore type: jks Keystore provider: SUN Your keystore contains 1 entry Alias name: ca Creation date: Jan 9, 2024 Entry type: trustedCertEntry Owner: CN=ca, OU=orchsym.com Issuer: CN=ca, OU=orchsym.com Serial number: d7621b97728d0ce0 Valid from: Mon Jan 08 23:50:34 CST 2024 until: Thu Jan 05 23:50:34 CST 2034 Certificate fingerprints: MD5: 66:8E:AA:A6:9B:66:E8:48:43:F0:AB:EF:7C:4A:28:09 SHA1: DD:EB:20:4E:D1:39:86:87:65:21:6D:BF:8A:FE:35:CB:EB:80:6D:75 SHA256: AE:F6:10:DE:50:D2:B2:08:A9:7E:BC:1F:21:89:B7:D4:AD:DB:02:C5:E3:C3:B4:38:FF:28:61:07:A9:EB:B9:4D Signature algorithm name: SHA256withRSA Subject Public Key Algorithm: 2048-bit RSA key Version: 3 Extensions: #1: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 65 39 FC E5 58 02 CC 39 56 0E 9B F4 A4 EE BB AC e9..X..9V....... 0010: B9 FC E9 B3 .... ] ] #2: ObjectId: 2.5.29.19 Criticality=false BasicConstraints:[ CA:true PathLen:2147483647 ] #3: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 65 39 FC E5 58 02 CC 39 56 0E 9B F4 A4 EE BB AC e9..X..9V....... 0010: B9 FC E9 B3 .... 
] ] ******************************************* ******************************************* runtime-1 node: [root@runtime-1 /opt/orchsym/runtime-ee/conf]# keytool -v -list -keystore keystore.jks Enter keystore password: Keystore type: jks Keystore provider: SUN Your keystore contains 1 entry Alias name: runtime-1.runtime-statefulseheadless.default.svc.cluster.local Creation date: Jan 9, 2024 Entry type: PrivateKeyEntry Certificate chain length: 2 Certificate[1]: Owner: CN=runtime-1.runtime-statefulseheadless.default.svc.cluster.local, OU=orchsym.com Issuer: CN=ca, OU=orchsym.com Serial number: daf0d7df943156cf Valid from: Tue Jan 09 11:28:51 CST 2024 until: Fri May 26 11:28:51 CST 2051 Certificate fingerprints: MD5: 75:3E:10:50:EB:4E:47:CE:8C:0C:F2:D5:AE:9D:99:44 SHA1: 7D:A4:B0:07:CA:F1:D2:39:42:EE:91:A7:68:02:92:E1:5D:75:CF:D6 SHA256: 05:7E:8A:AC:0C:9B:EE:AE:F9:41:44:AF:69:66:50:8D:32:83:77:48:CC:2F:9D:91:35:33:B4:2D:2A:47:61:E2 Signature algorithm name: SHA256withRSA Subject Public Key Algorithm: 2048-bit RSA key Version: 3 Extensions: #1: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverAuth clientAuth ] #2: ObjectId: 2.5.29.17 Criticality=false SubjectAlternativeName [ DNSName: runtime-1.runtime-statefulseheadless.default.svc.cluster.local ] Certificate[2]: Owner: CN=ca, OU=orchsym.com Issuer: CN=ca, OU=orchsym.com Serial number: d7621b97728d0ce0 Valid from: Mon Jan 08 23:50:34 CST 2024 until: Thu Jan 05 23:50:34 CST 2034 Certificate fingerprints: MD5: 66:8E:AA:A6:9B:66:E8:48:43:F0:AB:EF:7C:4A:28:09 SHA1: DD:EB:20:4E:D1:39:86:87:65:21:6D:BF:8A:FE:35:CB:EB:80:6D:75 SHA256: AE:F6:10:DE:50:D2:B2:08:A9:7E:BC:1F:21:89:B7:D4:AD:DB:02:C5:E3:C3:B4:38:FF:28:61:07:A9:EB:B9:4D Signature algorithm name: SHA256withRSA Subject Public Key Algorithm: 2048-bit RSA key Version: 3 Extensions: #1: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 65 39 FC E5 58 02 CC 39 56 0E 9B F4 A4 EE BB AC e9..X..9V....... 
0010: B9 FC E9 B3 .... ] ] #2: ObjectId: 2.5.29.19 Criticality=false BasicConstraints:[ CA:true PathLen:2147483647 ] #3: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 65 39 FC E5 58 02 CC 39 56 0E 9B F4 A4 EE BB AC e9..X..9V....... 0010: B9 FC E9 B3 .... ] ] ******************************************* ******************************************* [root@runtime-1 /opt/orchsym/runtime-ee/conf]# keytool -v -list -keystore truststore.jks Enter keystore password: Keystore type: jks Keystore provider: SUN Your keystore contains 1 entry Alias name: ca Creation date: Jan 9, 2024 Entry type: trustedCertEntry Owner: CN=ca, OU=orchsym.com Issuer: CN=ca, OU=orchsym.com Serial number: d7621b97728d0ce0 Valid from: Mon Jan 08 23:50:34 CST 2024 until: Thu Jan 05 23:50:34 CST 2034 Certificate fingerprints: MD5: 66:8E:AA:A6:9B:66:E8:48:43:F0:AB:EF:7C:4A:28:09 SHA1: DD:EB:20:4E:D1:39:86:87:65:21:6D:BF:8A:FE:35:CB:EB:80:6D:75 SHA256: AE:F6:10:DE:50:D2:B2:08:A9:7E:BC:1F:21:89:B7:D4:AD:DB:02:C5:E3:C3:B4:38:FF:28:61:07:A9:EB:B9:4D Signature algorithm name: SHA256withRSA Subject Public Key Algorithm: 2048-bit RSA key Version: 3 Extensions: #1: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 65 39 FC E5 58 02 CC 39 56 0E 9B F4 A4 EE BB AC e9..X..9V....... 0010: B9 FC E9 B3 .... ] ] #2: ObjectId: 2.5.29.19 Criticality=false BasicConstraints:[ CA:true PathLen:2147483647 ] #3: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 65 39 FC E5 58 02 CC 39 56 0E 9B F4 A4 EE BB AC e9..X..9V....... 0010: B9 FC E9 B3 .... ] ] ******************************************* *******************************************
01-08-2024
07:00 AM
2024-01-08 22:59:04,191 DEBUG [Replicate Request Thread-5] o.a.n.c.c.h.r.o.OkHttpReplicationClient Replicating request OkHttpPreparedRequest[method=GET, headers={sec-fetch-site=same-origin, X-Request-ID=cefa0de909293ecff62ec11a567a7bf5, purpose=prefetch, User-Agent=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36, Accept-Encoding=gzip, deflate, br, locale=zh, sec-ch-ua-mobile=?0, X-ProxiedEntitiesChain=<admin@orchsym.com>, Content-Encoding=gzip, X-RequestTransactionId=46b8f4dd-346d-4969-b013-0318b425a5e8, X-Real-IP=172.18.153.98, sec-fetch-mode=cors, Cookie=INGRESSCOOKIE=1704456109.379.3262.11429|138638da7f02469ffa15ce137684f175; authMode=token; oidc-request-rfid=eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJ1MHlDcUI4MlVQMV9NS3B3aUljLVhXQmNNUWxybkJPLUM4dmdJZnUxUmFvIn0.eyJqdGkiOiI3NTI1MDJhMy04YjIyLTQzNDAtOThlMC1hYzY3YmY5MzBhNDciLCJleHAiOjE3MDQ3NjE1MDEsIm5iZiI6MCwiaWF0IjoxNzA0NzI1NTAxLCJpc3MiOiJodHRwczovLzE3Mi4xOC4xNTcuMjM1OjgyODMvYXV0aC9yZWFsbXMvYmFpc2hhbmNsb3VkIiwiYXVkIjoicnVudGltZS1rdWJlIiwic3ViIjoiMDczNzNlNDMtNmY2NC00ZDlhLTg1ZDQtZWRkNTA2NjJkNjIwIiwidHlwIjoiUmVmcmVzaCIsImF6cCI6InJ1bnRpbWUta3ViZSIsImF1dGhfdGltZSI6MCwic2Vzc2lvbl9zdGF0ZSI6IjkxMDAyZDUyLTczNzEtNGJmYy04NTU2LWVkNDEzYjg0OTM1NCIsInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJvcGVuaWQgZW1haWwgcHJvZmlsZSJ9.AXI1uDJV629yce--7C_hIeKUdpSjkIWaeqm4_Ove_IMz4oMroPIYCBvKiF_XZ1u46uSxhGMz0DN5zhx3UwgYjo7OcofW6HtNolAgaCcfQU2rK_rMtb1VX3DfUAe6spyg0RwU6o08-5bRtd8vfH9S7ASIMO6dA3wD_o9bXlWGI7i4V2_mm-rnvm7qmC1e10xefu7Qhcq3g6dHh0tJcY6jFDNTBGS3qG9lME4y0E6FgrxlIr9vNtEqOIVHAa2MDLtXnJJnn9SHTBERsx-2T7wWmLKr_d_p3Cj62MvJeFEPMaPlZ3DANWx32dip4R9Y55DlzivEyAxSAyMm__QEFNPiXg, Accept=*/*, X-Forwarded-Host=runtime.irybd.com, X-Forwarded-Proto=https, Referer=https://runtime.irybd.com/runtime, 
X-Forwarded-Port=443, sec-ch-ua="Not_A Brand";v="8", "Chromium";v="120", "Google Chrome";v="120", X-ProxyHost=runtime.irybd.com, sec-ch-ua-platform="macOS", X-Forwarded-For=172.18.153.98, Accept-Language=en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7, X-Forwarded-Scheme=https, X-Scheme=https, sec-purpose=prefetch;prerender, sec-fetch-dest=empty}] to https://runtime-1.runtime-statefulset.default.svc.cluster.local:443/nifi-api/flow/current-user 2024-01-08 22:59:04,219 WARN [Replicate Request Thread-5] o.a.n.c.c.h.r.ThreadPoolRequestReplicator Failed to replicate request GET /nifi-api/flow/current-user to runtime-1.runtime-statefulset.default.svc.cluster.local:443 due to javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown 2024-01-08 22:59:04,219 WARN [Replicate Request Thread-5] o.a.n.c.c.h.r.ThreadPoolRequestReplicator Failed to replicate request GET /nifi-api/flow/current-user to runtime-1.runtime-statefulset.default.svc.cluster.local:443 due to javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown 2024-01-08 22:59:04,219 WARN [Replicate Request Thread-5] o.a.n.c.c.h.r.ThreadPoolRequestReplicator javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2038) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1135) at sun.security.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1779) at sun.security.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:124) at sun.security.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:1156) at sun.security.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:1266) at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1178) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:348) at 
sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) at sun.security.ssl.Handshaker.process_record(Handshaker.java:987) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397) at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:336) at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:300) at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:185) at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.java:224) at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.java:108) at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.java:88) at okhttp3.internal.connection.Transmitter.newExchange(Transmitter.java:169) at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:41) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117) at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:94) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117) at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142) at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:88) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117) at 
okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:229) at okhttp3.RealCall.execute(RealCall.java:81) at org.apache.nifi.cluster.coordination.http.replication.okhttp.OkHttpReplicationClient.replicate(OkHttpReplicationClient.java:122) at org.apache.nifi.cluster.coordination.http.replication.okhttp.OkHttpReplicationClient.replicate(OkHttpReplicationClient.java:116) at org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator.replicateRequest(ThreadPoolRequestReplicator.java:629) at org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator$NodeHttpRequest.run(ThreadPoolRequestReplicator.java:821) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) 2024-01-08 22:59:04,219 WARN [Replicate Request Thread-5] o.a.n.c.c.h.r.ThreadPoolRequestReplicator javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2038) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1135) at sun.security.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1779) at sun.security.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:124) at sun.security.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:1156) at sun.security.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:1266) at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1178) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:348) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) at 
sun.security.ssl.Handshaker.process_record(Handshaker.java:987) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397) at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:336) at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:300) at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:185) at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.java:224) at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.java:108) at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.java:88) at okhttp3.internal.connection.Transmitter.newExchange(Transmitter.java:169) at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:41) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117) at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:94) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117) at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142) at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:88) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117) at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:229) at 
okhttp3.RealCall.execute(RealCall.java:81) at org.apache.nifi.cluster.coordination.http.replication.okhttp.OkHttpReplicationClient.replicate(OkHttpReplicationClient.java:122) at org.apache.nifi.cluster.coordination.http.replication.okhttp.OkHttpReplicationClient.replicate(OkHttpReplicationClient.java:116) at org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator.replicateRequest(ThreadPoolRequestReplicator.java:629) at org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator$NodeHttpRequest.run(ThreadPoolRequestReplicator.java:821) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748)
01-08-2024
06:56 AM
When I accessed NiFi and logged in, it returned: Received fatal alert: certificate_unknown
01-08-2024
06:55 AM
I set up a two-node NiFi cluster with HTTPS and username/password authentication enabled. When I accessed NiFi and logged in, it returned: Received fatal alert: certificate_unknown