Member since
04-09-2019
2
Posts
1
Kudos Received
0
Solutions
05-14-2019
02:52 AM
1 Kudo
I solve this problem my self Using 'KeyStore Explore'. SubjectAlternativeName [ DNSName: x.x.x.x IPAddress: x.x.x.x ]
... View more
04-10-2019
05:01 PM
Current version: 1.6.0 Upgrade version: 1.8.0 Applying the cluster, accessing the ui results in an error. (x.x.x.x is hostname, my server ip..) The key was not created as a wildcard. ---UI Error--- javax.net.ssl.SSLPeerUnverifiedException: Hostname x.x.x.x not verified: certificate: sha256/cj+QcD4F2YafhbXSeRmuLznbS24EWVhAvCbU71aVGWo= DN: CN=x,x,x,x, OU=NIFI subjectAltNames: [x.x.x.x] ---api access error--- https://x.x.x.x:1234/nifi-api/flow/current-user javax.net.ssl.SSLPeerUnverifiedException: Hostname x.x.x.x not verified: certificate: sha256/!!!#$@!#qtA3h/Nhqm7wcLzM= DN: CN=x.x.x.x, OU=NIFI subjectAltNames: [x.x.x.x] ---log Error--- 2019-04-08 08:26:28,522 WARN [Replicate Request Thread-5] o.a.n.c.c.h.r.ThreadPoolRequestReplicator Failed to replicate request GET /nifi-api/flow/current-user to x.x.x.x:9443 due to javax.net.ssl.SSLPeerUnverifiedException: Hostname x.x.x.x not verified:
certificate: sha256/IiBnANAzEOL~~~qm7wcLzM=
DN: CN=x.x.x.x, OU=NIFI
subjectAltNames: [x.x.x.x]
2019-04-08 08:26:28,523 WARN [Replicate Request Thread-5] o.a.n.c.c.h.r.ThreadPoolRequestReplicator
javax.net.ssl.SSLPeerUnverifiedException: Hostname x.x.x.x not verified:
certificate: sha256/IiBnANAzEOLVg+DipeiOT+fkIDpqtA3h/Nhqm7wcLzM=
DN: CN=x.x.x.x, OU=NIFI
subjectAltNames: [x.x.x.x]
at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:316)
at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:270)
at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:162)
at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:257)
at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:135)
at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:114)
at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:126)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:200)
at okhttp3.RealCall.execute(RealCall.java:77)
at org.apache.nifi.cluster.coordination.http.replication.okhttp.OkHttpReplicationClient.replicate(OkHttpReplicationClient.java:138)
at org.apache.nifi.cluster.coordination.http.replication.okhttp.OkHttpReplicationClient.replicate(OkHttpReplicationClient.java:132)
at org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator.replicateRequest(ThreadPoolRequestReplicator.java:647)
at org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator$NodeHttpRequest.run(ThreadPoolRequestReplicator.java:839)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748) --- keystore.jks------ Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: nifi-key
Creation date: Apr 5, 2019
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=x.x.x.x, OU=NIFI
Issuer: CN=x.x.x.x, OU=NIFI
Serial number: 169ec64~~~~00
Valid from: Fri Apr 05 07:26:15 UTC 2019 until: Mon Apr 04 07:26:15 UTC 2022
Certificate fingerprints:
MD5: 6B:70:04~~6:FF:CD:D1:29:E4
SHA1: 88:~~~~:AE:8B:9B:10:BF:F4
SHA256: 90:5A:FA:AF:B7:~~~~:7F:CE:89:95:64:BC:C1:53:E8:E6:58:30:7B:AC
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
Extensions:
#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: C8 B4~~~~~~~~ D0 12 8D A4 5C ...oNB.(.......\
0010: 1D 6C 42 FC .lB.
]
]
#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
#3: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
clientAuth
serverAuth
]
#4: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Key_Agreement
]
#5: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: x.x.x.x
]
#6: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 0B F7 ~~F5 2C B8 ..Y.vu..?P....,.
0010:~~7 32 ...2
]
]
Certificate[2]:
Owner: CN=x.x.x.x, OU=NIFI
Issuer: CN=x.x.x.x, OU=NIFI
Serial number: 169ec64~~000000
Valid from: Fri Apr 05 07:26:15 UTC 2019 until: Mon Apr 04 07:26:15 UTC 2022
Certificate fingerprints:
MD5: 94:F8:68:14~~~~E2:08:29:55:B8:D6:7D
SHA1: 5B:E6:A1:D1:2A:4F:27:~~~:9E:85:1F:66:77:68:4C:C9:55:27:95:FD
SHA256: 67:33:71~~A:1F:EF:1D:57:7E:BB:13:2F:4C:94:1F:B2:58:59:70
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
Extensions:
#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: C8 B4 80~~E 08 D0 12 8D A4 5C ...oNB.(.......\
0010: 1D 6C 42 FC ~~.lB.
]
]
#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:21474~~7
]
#3: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
clientAuth
serverAuth
]
#4: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Key_Agreement
Key_CertSign
Crl_Sign
]
#5: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C8 B4 80 6F 4E ~~ 8D A4 5C ...oNB.(.......\
0010: 1D 6C 42 FC .lB.
]
]
*******************************************
******************************************* I don't know what the problem. +I have no choice but to use the domain name and host name as an ip. I understand that the key tool provided by the nifi only provides the domain name of the character. as follows SubjectAlternativeName [ DNSName: nifi-1 ] But I want to use it as follows. (x.x.x.x is my ip address.) SubjectAlternativeName [ DNSName: x.x.x.x IPAddress: x.x.x.x ] tell me how to create a key with Java toolkit.
... View more
Labels:
- Labels:
-
Apache NiFi