Yes, it’s possible to use a single SSL certificate across all hosts in your cluster, but it depends on how your domains are set up. If all hosts share the same base domain (like host1.example.com, host2.example.com), you can use a wildcard SSL or a multi-domain (SAN) SSL certificate that covers all hostnames. Install the same cert and key on each node. This avoids creating separate CSRs and renewals for every host. Just note that sharing one private key across multiple servers can be a small security risk if one host is compromised. Hope it helps! ... View more

I ran into the same findings in a Cloudera 7.x setup. For the Zookeeper TRACE/TRACK warning on port 7000, you can mitigate it by disabling these methods in the embedded Jetty config or, more commonly, by placing a reverse proxy (Apache/Nginx) in front of ZooKeeper and blocking TRACE/TRACK. For the MapReduce HSTS warning (port 13562), HSTS isn’t enabled by default. The fix is to add the Strict Transport Security header either through the service’s HTTPS response configuration or again via a reverse proxy. This enforces HTTPS and clears the scan finding. ... View more

The error means the SSL certificates used by your Cloudera ODBC driver are outdated or expired. To fix it, download the latest cacerts.pem file from a trusted source like Curl's CA bundle or your company’s security team. Replace the old cacerts.pem file in the ODBC driver's configuration directory. Then restart your ODBC connection and test again. ... View more

The error ERR_BAD_SSL_CLIENT_AUTH_CERT is a security-related bug that appears in web browsers, especially Google Chrome, due to a failure to interact with the SSL/TLS client authentication process.  This issue arises when SSL/TLS certificates are required on both client and server sides, but the client fails to present a valid certificate or the server can't verify it. Common causes include certificate misconfiguration, incorrect device date/time, software issues, or interference from browser extensions and antivirus programs. There are many different ways to fix the error which you need to understand properly in detail. Furthermore I found the helpful resource at:-  https://cheapsslweb.com/resources/how-to-fix-the-err_bad_ssl_client_auth_cert-error. I hope it helps!     ... View more

Glad to see that you've found the solution. If you ever come across the same error in the future and this same set of steps doesn't work, you can refer to this guide. - https://certera.com/blog/how-to-fix-err-ssl-protocol-error-in-chrome/  The reason I am leaving this here is that that's a pretty common SSL error; there are total of 10-12 checklists one need to go through if until one of it works. ... View more

Looks like a revision tracking issue introduced in NiFi 2.x, especially with how it handles state in the AzureKeyvaultParameterProvider. Since it worked fine in 1.x, it’s likely a regression or a behavior change in how revisions are managed. Until a fix, try logging this with the NiFi Jira or reverting to 1.x if critical. ... View more