Member since
11-22-2021
8
Posts
0
Kudos Received
0
Solutions
06-18-2024
01:10 AM
2 Kudos
This warning indicates that there might be an issue with the PKIX validation, which is related to the SSL certificates. PKIX validation is used to verify the trustworthiness of SSL certificates during the SSL handshake process. If the validation fails, it means that the SSL certificate cannot be trusted, potentially leading to connection issues. To resolve this issue, you can try the following steps: 1. Check the SSL certificate configuration: Verify that the SSL certificates are correctly configured in the Nifi cluster. Ensure that the certificates are valid and trusted. 2. Check the keystore and truststore: Ensure that the Keystore and Truststore files are properly configured and contain the necessary certificates. Make sure that they have not expired or been revoked. 3. Verify the server's hostname: Ensure that the server hostname in the SSL certificate matches the actual hostname of the Nifi cluster. If they do not match, it can cause PKIX validation failures. 4. Check the time synchronization: Ensure that the system time on all the machines in the Nifi cluster is synchronized. A time difference between machines can lead to certificate validation issues. 5. Update the Java truststore: If the SSL certificate is self-signed or issued by an intermediate CA, it might not be recognized by Java by default. You may need to import the certificate into the Java truststore using the keytool utility. 6. Restart Nifi and validate the cluster status: After making any changes or adjustments, restart Nifi and monitor the cluster status. Check if the disconnectivity issue is resolved.
... View more
09-05-2023
01:38 AM
@Shiseems like you have enabled Spnego authentication for Solr web UI. To access the page, you need to have a Kerberos ticket on your machine from which you access the page. Do Kinit and then try to access the page
... View more
09-05-2023
01:32 AM
@ShiIt seems like you don't have a valid Kerberos ticket. Make sure you have a Kerberos ticket on the host where you're accessing the page.
... View more
07-14-2023
02:27 PM
@shamika NiFi based authorization is case sensitive. 2023-07-12 10:46:40,800 INFO [NiFi Web Server-19] o.a.n.w.a.c.AccessDeniedExceptionMapper identity[myuser], groups[bigG, bigdGer] does not have permission to access the requested resource. No applicable policies could be found. Returning Forbidden response the nifi-user.log is telling you that your successfully authenticated user "myuser" is known by NiFi to belong to groups "bigG" and "bigdGer". In Ranger you'll need to make sure that yoru user "myuser" or one of these groups "bigG" and/or "bigdGer" has been authorized for "READ" on the "/flow" NiFi resource Identifier. If Ranger has the group as "bigg" or "BIGG", "bigDGER", etc it will not work because NiFi is case sensitive. You could also share your authorizers.xml if you'd like use to verify your configuration there. If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped. Thank you, Matt
... View more