Hi @araujo,   My apologies for coming back late.   The job reads from 2 Kafka sources and send the data to Kinesis stream (sink).   Thanks, Prabu. ... View more

@araujo  1. The error is recurring in the logs. 2. To start/stop Flink, I use 'service flink-jobmanager start/stop'.  3. To start the Flink job, I use: $FLINK_HOME/bin/flink run -d /opt/flink-jobs/lib/job1.jar --pathToPropertyFile /opt/flink-jobs/conf/job1.properties 4. To cancel the Flink job, I get the ID from 'flink list' command and I use: $FLINK_HOME/bin/flink cancel <ID>   Please let me know if you need anything.   Appreciate your help on this.   Thanks, Prabu. ... View more

Hello @araujo - Yes. That is the issue. From Java 11, we may need to explicitly set the keystore type.   Thanks, Prabu ... View more

Hi @araujo - Have you had a chance to look into this? Please let me know for your thoughts/suggestions.   Appreciate your help and patience.   Thanks, Prabu.   PS: Please ignore the reply on 02-25-2022 at 10:41 AM which was incomplete. I don't see a delete option to delete it.      ... View more

Hi @araujo: Here you go:   Andre: You upgraded Flink *and* NiFi versions at once. I don't think the Flink version would make a difference, but there's been some security changes in NiFi 1.15. I'm not sure how those would affect your case, but there's a possibility that they could require some additional configuration. Prabu: What would be the additional configuration that I may require? Please advise.   Andre: The 401 error (authentication error) seen in your logs is probably related to the anonymous login. The anonymous login indicates to me that there's something wrong with your keystore. Are you able to share the keystore and truststore details I asked before? Prabu: The authentication request sent from Flink node does not have the user name filled in. It was NOT the case when I run Flink in 1.8.0 version. Please refer the below log. When running in Flink 1.8.0 version, instead of 'anonymous' it had the 'owner' of the certificate added. In my certificate, I set the nifi_node1 as owner and other Flink and NiFi nodes as SAN (SubjectAlternativeName). 2022-02-22 21:27:39,381 INFO [NiFi Web Server-1203] o.a.n.w.s.NiFiAuthenticationFilter Authentication Started 16.13.8.6 [<anonymous>] GET https://nifi_node1:8443/nifi-api/site-to-site   Keystore details added at the bottom.   Andre: It's also weird that you had to add the truststore contents to the default Java cacerts. You should not need to do that if the truststore was being passed correctly to the job. Prabu: I did add the truststore to default Java cacerts as a part of troubleshooting the issue. The SSLHandshakeException issue resolved once the keystore is imported to default Java cacerts. I do set the truststore using nifi.truststore-file property and nifi.keystore-file property to set keystore file.   Andre: Are you running your job in cluster mode? Is that on YARN? Wherever that job is running you must ensure that the keystore and truststore are available for the job to read them, at the right location. Prabu: Ideally I will run the Flink and NiFi in separate cluster. To resolve the issues, Im currently running Flink in standalone node with NiFi running in cluster (3 nodes). I have the keystore and truststore files are in place and configured correctly. I have had the same configuration when my Flink was running in 1.8.0 version where I did not face this issue.   Andre: Could you please also share the command line that you use to submit the job? Prabu: I submit the job by running: FLINK_HOME/bin/flink run -d BASE_DIR/flows/FLOW_NAME/FLOW_NAME-FLOW_VERSION.jar --pathToPropertyFile BASE_DIR/flows/FLOW_NAME/FLOW_NAME.properties. The truststore and keystore properties are set in FLOW_NAME.properties file.   [prabu@prabus prabu]# keytool -list -v -keystore nifi-keystore.jks Enter keystore password: Keystore type: jks Keystore provider: SUN Your keystore contains 2 entries Alias name: my-nifi Creation date: Feb 22, 2022 Entry type: PrivateKeyEntry Certificate chain length: 1 Certificate[1]: Owner: CN=nifi_node1, O=xxxxx, L=yyyyy, ST=zzzz, C=US Issuer: CN=COMODO RSA Organization Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Serial number: bdcb82652ab865e438a32e6fca785deb Valid from: Fri Feb 18 00:00:00 UTC 2022 until: Sat Feb 18 23:59:59 UTC 2023 Certificate fingerprints: SHA1: 6B:8C:65:89:2A:FA:A6:11:0C:FC:22:DA:B9:70:22:25:16:88:9C:20 SHA256: 93:C2:62:34:CD:88:EA:6B:F6:7F:CF:0C:29:1D:96:3D:20:41:AB:D8:68:AC:D5:31:72:46:55:48:F3:D6:6C:FF Signature algorithm name: SHA256withRSA Subject Public Key Algorithm: 2048-bit RSA key Version: 3 Extensions: #1: ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false 0000: 04 82 01 69 01 67 00 76 00 AD F7 BE FA 7C FF 10 ...i.g.v........ 0010: C8 8B 9D 3D 9C 1E 3E 18 6A B4 67 29 5D CF B1 0C ...=..>.j.g)]... 0020: 24 CA 85 86 34 EB DC 82 8A 00 00 01 7F 0E 76 7D $...4.........v. 0030: 71 00 00 04 03 00 47 30 45 02 21 00 A6 B5 8D 45 q.....G0E.!....E 0040: E2 A7 7B 59 88 B4 21 26 6E 10 89 D0 FA 8F 22 75 ...Y..!&n....."u 0050: 61 20 0F 33 BD 98 C3 E4 33 A6 D7 EF 02 20 77 E7 a .3....3.... w. 0060: FE 4A C3 5A 01 97 A0 92 A8 92 E2 67 5A E7 14 53 .J.Z.......gZ..S 0070: 7B 54 86 C0 BD D1 4C 47 F2 A6 8C CA 9C FB 00 75 .T....LG.......u 0080: 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38 E0 52 1E E9 .z2.T..-. .8.R.. 0090: 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB ..p2..M;.+.:W.R. 00A0: 52 00 00 01 7F 0E 76 7D 2C 00 00 04 03 00 46 30 R.....v.,.....F0 00B0: 44 02 20 2F B5 FE 82 E0 9D CC 14 27 44 34 68 0E D. /.......'D4h. 00C0: 0F F5 15 20 A6 F7 F4 67 98 FC E9 9F 7F 82 46 9A ... ...g......F. 00D0: B6 43 3A 02 20 4D 74 21 1A 90 8A B2 44 4E 3D 0E .C:. Mt!....DN=. 00E0: EA 56 9B 9B 71 25 2D 04 AE A9 D9 9D AC 96 DC FD .V..q%-......... 00F0: 86 92 47 7A AD 00 76 00 E8 3E D0 DA 3E F5 06 35 ..Gz..v..>..>..5 0100: 32 E7 57 28 BC 89 6B C9 03 D3 CB D1 11 6B EC EB 2.W(..k......k.. 0110: 69 E1 77 7D 6D 06 BD 6E 00 00 01 7F 0E 76 7D 07 i.w.m..n.....v.. 0120: 00 00 04 03 00 47 30 45 02 20 22 F9 A7 9A C8 C5 .....G0E. "..... 0130: 60 6D 25 80 14 F2 6C 78 24 82 24 72 0F 88 24 45 `m%...lx$.$r..$E 0140: EE 5D 86 68 79 BC 7C A0 B4 FD 02 21 00 EA 19 9D .].hy......!.... 0150: 91 81 F5 EC 90 8C AB 0C D1 09 80 30 72 4C 1D CF ...........0rL.. 0160: DD 2C 7E 7B FD 3E EC BE 01 9D 60 AD 0C .,...>....`.. #2: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false AuthorityInfoAccess [ [ accessMethod: caIssuers accessLocation: URIName: http://crt.comodoca.com/COMODORSAOrganizationValidationSecureServerCA.crt , accessMethod: ocsp accessLocation: URIName: http://ocsp.comodoca.com ] ] #3: ObjectId: 2.5.9.55 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 9A F3 2B DA CF AD 4F B6 2F BB 2A 48 48 2A 12 B7 ..+...O./.*HH*.. 0010: 1B 42 C1 24 .B.$ ] ] #4: ObjectId: 2.5.9.95 Criticality=true BasicConstraints:[ CA:false PathLen: undefined ] #5: ObjectId: 2.5.9.85 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.comodoca.com/COMODORSAOrganizationValidationSecureServerCA.crl] ]] #6: ObjectId: 2.5.9.23 Criticality=false CertificatePolicies [ [CertificatePolicyId: [1.3.6.1.4.1.6449.1.2.1.3.4] [PolicyQualifierInfo: [ qualifierID: 1.3.6.1.7.5.7.2.1 qualifier: 0000: 16 12 68 74 74 70 73 3A 2F 2F 73 65 63 74 69 67 ..https://sectig 0010: 6F 2E 63 6F 6D 2F 43 50 53 o.com/CPS ]] ] [CertificatePolicyId: [2.23.140.1.2.2] [] ] ] #7: ObjectId: 2.5.9.3 Criticality=false ExtendedKeyUsages [ serverAuth clientAuth ] #8: ObjectId: 2.5.9.5 Criticality=true KeyUsage [ DigitalSignature Key_Encipherment ] #9: ObjectId: 2.5.9.7 Criticality=false SubjectAlternativeName [ DNSName: nifi_node1 DNSName: flink_node1 DNSName: flink_node2 DNSName: flink_node3 DNSName: nifi_node2 DNSName: nifi_node3 ] #10: ObjectId: 2.5.9.4 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: F6 EF 7D 85 31 FA 04 A9 12 F8 BB 1D DB 6D 24 B0 ....1........m$. 0010: 1E 7D 95 31 ...1 ] ] ******************************************* ******************************************* Alias name: inter Creation date: Feb 22, 2022 Entry type: trustedCertEntry Owner: CN=COMODO RSA Organization Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Issuer: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Serial number: 36825e7fb5a481937a8a9b9f6d1736bb93ca6 Valid from: Wed Feb 12 00:00:00 UTC 2014 until: Sun Feb 11 23:59:59 UTC 2029 Certificate fingerprints: SHA1: 10:4C:63:D2:54:6B:80:21:DD:10:5E:9F:BA:5A:8D:78:16:9F:6B:32 SHA256: 11:10:06:37:8A:FB:E8:E9:9B:B0:2B:A8:73:90:CA:42:9F:CA:27:73:F7:4D:7F:7E:B5:74:4D:AD:DF:68:01:4B Signature algorithm name: SHA384withRSA Subject Public Key Algorithm: 2048-bit RSA key Version: 3 Extensions: #1: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false AuthorityInfoAccess [ [ accessMethod: caIssuers accessLocation: URIName: http://crt.comodoca.com/COMODORSAAddTrustCA.crt , accessMethod: ocsp accessLocation: URIName: http://ocsp.comodoca.com ] ] #2: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: BB AF 7E 02 3D FB C6 F1 3C 84 9E AD EE 38 98 EC ....=...<....8.. 0010: D9 32 32 D4 .22. ] ] #3: ObjectId: 2.5.23.11 Criticality=true BasicConstraints:[ CA:true PathLen:0 ] #4: ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.comodoca.com/COMODORSACertificationAuthority.crl] ]] #5: ObjectId: 2.5.29.32 Criticality=false CertificatePolicies [ [CertificatePolicyId: [2.5.2.3.0] [] ] [CertificatePolicyId: [2.23.14.1.2.2] [] ] ] #6: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverAuth clientAuth ] #7: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] #8: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 9C F3 2B DD CD BD 4F B6 2F BB 2A 48 48 2A 12 B7 ..+...O./.*HH*.. 0010: 1B 42 C1 24 .B.$ ] ] ******************************************* *******************************************   Thanks, Prabu. ... View more

Andre: You upgraded Flink *and* NiFi versions at once. I don't think the Flink version would make a difference, but there's been some security changes in NiFi 1.15. I'm not sure how those would affect your case, but there's a possibility that they could require some additional configuration. Prabu: What would be the additional configuration that I may require? Please advise.   Andre: The 401 error (authentication error) seen in your logs is probably related to the anonymous login. The anonymous login indicates to me that there's something wrong with your keystore. Are you able to share the keystore and truststore details I asked before? Prabu: The authentication request sent from Flink node does not have the user name filled in. It was NOT the case when I run Flink in 1.8.0 version. Please refer the below log. When running in Flink 1.8.0 version, instead of 'anonymous' it had the 'owner' of the certificate added. In my certificate, I set the nifi_node1 as owner and other Flink and NiFi nodes as SAN (SubjectAlternativeName). Please see below for keystore details. 2022-02-22 21:27:39,381 INFO [NiFi Web Server-1203] o.a.n.w.s.NiFiAuthenticationFilter Authentication Started 16.13.8.6 [<anonymous>] GET https://nifi_node1:8443/nifi-api/site-to-site   Andre: It's also weird that you had to add the truststore contents to the default Java cacerts. You should not need to do that if the truststore was being passed correctly to the job. Prabu: I did add the truststore to default Java cacerts as a part of troubleshooting the issue. The SSLHandshakeException issue resolved once the keystore is imported to default Java cacerts. I do set the truststore using nifi.truststore-file property and nifi.keystore-file property to set keystore file.   Andre: Are you running your job in cluster mode? Is that on YARN? Wherever that job is running you must ensure that the keystore and truststore are available for the job to read them, at the right location. Prabu: Ideally I will run the Flink and NiFi in separate cluster. To resolve the issues, Im currently running Flink in standalone node with NiFi running in cluster (3 nodes). I have the keystore and truststore files are in place and configured correctly. I have had the same configuration when my Flink was running in 1.8.0 version where I did not face this issue.   Andre: Could you please also share the command line that you use to submit the job? Prabu: I submit the job by running: FLINK_HOME/bin/flink run -d BASE_DIR/flows/FLOW_NAME/FLOW_NAME-FLOW_VERSION.jar --pathToPropertyFile BASE_DIR/flows/FLOW_NAME/FLOW_NAME.properties. The truststore and keystore properties are set in FLOW_NAME.properties file.     [prabu@prabus prabu]# keytool -list -v -keystore nifi-keystore.jks Enter keystore password: Keystore type: jks Keystore provider: SUN Your keystore contains 2 entries Alias name: my-nifi Creation date: Feb 22, 2022 Entry type: PrivateKeyEntry Certificate chain length: 1 Certificate[1]: Owner: CN=nifi_node1, O=xxxxx, L=yyyyy, ST=zzzz, C=US Issuer: CN=COMODO RSA Organization Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Serial number: bdcb82652ab865e438a32e6fca785deb Valid from: Fri Feb 18 00:00:00 UTC 2022 until: Sat Feb 18 23:59:59 UTC 2023 Certificate fingerprints: SHA1: 6B:8C:65:89:2A:FA:A6:11:0C:FC:22:DA:B9:70:22:25:16:88:9C:20 SHA256: 93:C2:62:34:CD:88:EA:6B:F6:7F:CF:0C:29:1D:96:3D:20:41:AB:D8:68:AC:D5:31:72:46:55:48:F3:D6:6C:FF Signature algorithm name: SHA256withRSA Subject Public Key Algorithm: 2048-bit RSA key Version: 3 Extensions: #1: ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false 0000: 04 82 01 69 01 67 00 76 00 AD F7 BE FA 7C FF 10 ...i.g.v........ 0010: C8 8B 9D 3D 9C 1E 3E 18 6A B4 67 29 5D CF B1 0C ...=..>.j.g)]... 0020: 24 CA 85 86 34 EB DC 82 8A 00 00 01 7F 0E 76 7D $...4.........v. 0030: 71 00 00 04 03 00 47 30 45 02 21 00 A6 B5 8D 45 q.....G0E.!....E 0040: E2 A7 7B 59 88 B4 21 26 6E 10 89 D0 FA 8F 22 75 ...Y..!&n....."u 0050: 61 20 0F 33 BD 98 C3 E4 33 A6 D7 EF 02 20 77 E7 a .3....3.... w. 0060: FE 4A C3 5A 01 97 A0 92 A8 92 E2 67 5A E7 14 53 .J.Z.......gZ..S 0070: 7B 54 86 C0 BD D1 4C 47 F2 A6 8C CA 9C FB 00 75 .T....LG.......u 0080: 00 7A 32 8C 54 D8 B7 2D B6 20 EA 38 E0 52 1E E9 .z2.T..-. .8.R.. 0090: 84 16 70 32 13 85 4D 3B D2 2B C1 3A 57 A3 52 EB ..p2..M;.+.:W.R. 00A0: 52 00 00 01 7F 0E 76 7D 2C 00 00 04 03 00 46 30 R.....v.,.....F0 00B0: 44 02 20 2F B5 FE 82 E0 9D CC 14 27 44 34 68 0E D. /.......'D4h. 00C0: 0F F5 15 20 A6 F7 F4 67 98 FC E9 9F 7F 82 46 9A ... ...g......F. 00D0: B6 43 3A 02 20 4D 74 21 1A 90 8A B2 44 4E 3D 0E .C:. Mt!....DN=. 00E0: EA 56 9B 9B 71 25 2D 04 AE A9 D9 9D AC 96 DC FD .V..q%-......... 00F0: 86 92 47 7A AD 00 76 00 E8 3E D0 DA 3E F5 06 35 ..Gz..v..>..>..5 0100: 32 E7 57 28 BC 89 6B C9 03 D3 CB D1 11 6B EC EB 2.W(..k......k.. 0110: 69 E1 77 7D 6D 06 BD 6E 00 00 01 7F 0E 76 7D 07 i.w.m..n.....v.. 0120: 00 00 04 03 00 47 30 45 02 20 22 F9 A7 9A C8 C5 .....G0E. "..... 0130: 60 6D 25 80 14 F2 6C 78 24 82 24 72 0F 88 24 45 `m%...lx$.$r..$E 0140: EE 5D 86 68 79 BC 7C A0 B4 FD 02 21 00 EA 19 9D .].hy......!.... 0150: 91 81 F5 EC 90 8C AB 0C D1 09 80 30 72 4C 1D CF ...........0rL.. 0160: DD 2C 7E 7B FD 3E EC BE 01 9D 60 AD 0C .,...>....`.. #2: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false AuthorityInfoAccess [ [ accessMethod: caIssuers accessLocation: URIName: http://crt.comodoca.com/COMODORSAOrganizationValidationSecureServerCA.crt , accessMethod: ocsp accessLocation: URIName: http://ocsp.comodoca.com ] ] #3: ObjectId: 2.5.9.55 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 9A F3 2B DA CF AD 4F B6 2F BB 2A 48 48 2A 12 B7 ..+...O./.*HH*.. 0010: 1B 42 C1 24 .B.$ ] ] #4: ObjectId: 2.5.9.95 Criticality=true BasicConstraints:[ CA:false PathLen: undefined ] #5: ObjectId: 2.5.9.85 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.comodoca.com/COMODORSAOrganizationValidationSecureServerCA.crl] ]] #6: ObjectId: 2.5.9.23 Criticality=false CertificatePolicies [ [CertificatePolicyId: [1.3.6.1.4.1.6449.1.2.1.3.4] [PolicyQualifierInfo: [ qualifierID: 1.3.6.1.7.5.7.2.1 qualifier: 0000: 16 12 68 74 74 70 73 3A 2F 2F 73 65 63 74 69 67 ..https://sectig 0010: 6F 2E 63 6F 6D 2F 43 50 53 o.com/CPS ]] ] [CertificatePolicyId: [2.23.140.1.2.2] [] ] ] #7: ObjectId: 2.5.9.3 Criticality=false ExtendedKeyUsages [ serverAuth clientAuth ] #8: ObjectId: 2.5.9.5 Criticality=true KeyUsage [ DigitalSignature Key_Encipherment ] #9: ObjectId: 2.5.9.7 Criticality=false SubjectAlternativeName [ DNSName: nifi_node1 DNSName: flink_node1 DNSName: flink_node2 DNSName: flink_node3 DNSName: nifi_node2 DNSName: nifi_node3 ] #10: ObjectId: 2.5.9.4 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: F6 EF 7D 85 31 FA 04 A9 12 F8 BB 1D DB 6D 24 B0 ....1........m$. 0010: 1E 7D 95 31 ...1 ] ] ******************************************* ******************************************* Alias name: inter Creation date: Feb 22, 2022 Entry type: trustedCertEntry Owner: CN=COMODO RSA Organization Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Issuer: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Serial number: 36825e7fb5a481937a8a9b9f6d1736bb93ca6 Valid from: Wed Feb 12 00:00:00 UTC 2014 until: Sun Feb 11 23:59:59 UTC 2029 Certificate fingerprints: SHA1: 10:4C:63:D2:54:6B:80:21:DD:10:5E:9F:BA:5A:8D:78:16:9F:6B:32 SHA256: 11:10:06:37:8A:FB:E8:E9:9B:B0:2B:A8:73:90:CA:42:9F:CA:27:73:F7:4D:7F:7E:B5:74:4D:AD:DF:68:01:4B Signature algorithm name: SHA384withRSA Subject Public Key Algorithm: 2048-bit RSA key Version: 3 Extensions: #1: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false AuthorityInfoAccess [ [ accessMethod: caIssuers accessLocation: URIName: http://crt.comodoca.com/COMODORSAAddTrustCA.crt , accessMethod: ocsp accessLocation: URIName: http://ocsp.comodoca.com ] ] #2: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: BB AF 7E 02 3D FB C6 F1 3C 84 9E AD EE 38 98 EC ....=...<....8.. 0010: D9 32 32 D4 .22. ] ] #3: ObjectId: 2.5.23.11 Criticality=true BasicConstraints:[ CA:true PathLen:0 ] #4: ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.comodoca.com/COMODORSACertificationAuthority.crl] ]] #5: ObjectId: 2.5.29.32 Criticality=false CertificatePolicies [ [CertificatePolicyId: [2.5.2.3.0] [] ] [CertificatePolicyId: [2.23.14.1.2.2] [] ] ] #6: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverAuth clientAuth ] #7: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] #8: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 9C F3 2B DD CD BD 4F B6 2F BB 2A 48 48 2A 12 B7 ..+...O./.*HH*.. 0010: 1B 42 C1 24 .B.$ ] ] ******************************************* ******************************************* ... View more

Hi @araujo,   Flink 1.8.0 with NiFi artifacts (org.apache.nifi) in 1.11.6  - SUCCESS case Flink 1.14.3 with NiFi artifacts (org.apache.nifi) in 1.15.3 - FAILED case   I miss to specify, I do face the SSLHandshakeException when first started the Flink javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target So I added keystore and truststore to default Java's cacerts. Once keystores added and restarted, the SSLHandshakeException is not seen. After this I started seeing the below error (which I specified in my earlier reply as well)   org.apache.flink.util.SerializedThrowable: Tried all cluster URLs but none of those was accessible. Last Exception was org.apache.nifi.remote.util.SiteToSiteRestApiClient$HttpGetFailedException: response code 401:Unauthorized with explanation: null at org.apache.nifi.remote.util.SiteToSiteRestApiClient.getController(SiteToSiteRestApiClient.java:370) at org.apache.nifi.remote.client.SiteInfoProvider.refreshRemoteInfo(SiteInfoProvider.java:69) at org.apache.nifi.remote.client.SiteInfoProvider.getPortIdentifier(SiteInfoProvider.java:220) at org.apache.nifi.remote.client.SiteInfoProvider.getOutputPortIdentifier(SiteInfoProvider.java:204) at org.apache.nifi.remote.client.socket.SocketClient.getPortIdentifier(SocketClient.java:79) at org.apache.nifi.remote.client.socket.SocketClient.createTransaction(SocketClient.java:121) at org.apache.flink.streaming.connectors.nifi.NiFiSource.run(NiFiSource.java:91) at org.apache.flink.streaming.api.operators.StreamSource.run(StreamSource.java:110) at org.apache.flink.streaming.api.operators.StreamSource.run(StreamSource.java:67) at org.apache.flink.streaming.runtime.tasks.SourceStreamTask$LegacySourceFunctionThread.run(SourceStreamTask.java:323) Caused by: org.apache.flink.util.SerializedThrowable: response code 401:Unauthorized with explanation: null at org.apache.nifi.remote.util.SiteToSiteRestApiClient.execute(SiteToSiteRestApiClient.java:1177) at org.apache.nifi.remote.util.SiteToSiteRestApiClient.execute(SiteToSiteRestApiClient.java:1211) at org.apache.nifi.remote.util.SiteToSiteRestApiClient.fetchController(SiteToSiteRestApiClient.java:417) at org.apache.nifi.remote.util.SiteToSiteRestApiClient.getController(SiteToSiteRestApiClient.java:392) at org.apache.nifi.remote.util.SiteToSiteRestApiClient.getController(SiteToSiteRestApiClient.java:359) ... 9 common frames omitted   Please let me know for any questions.   Appreciate your help! Thanks, Prabu. ... View more