Support Questions

Find answers, ask questions, and share your expertise

SSLHandshakeException in Secured Nifi Cluster Setup.

avatar
New Contributor

We are trying to set up a 3 node nifi cluster on GCP virtual machine (Ubuntu). Have used a CA signed certificate for creating truststore and keystore (Followed this link for creation). Have attached them through nifi.properties file. Still getting below exception on tailing logs:

2022-05-26 18:14:26,544 INFO [main] o.a.n.c.p.AbstractNodeProtocolSender Cluster Coordinator is located at hostname:7474. Will send Cluster Connection Request to this address
2022-05-26 18:14:26,780 WARN [main] o.a.nifi.controller.StandardFlowService Failed to connect to cluster due to: org.apache.nifi.cluster.protocol.ProtocolException: Failed marshalling 'CONNECTION_REQUEST' protocol message due to: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2022-05-26 18:14:31,783 INFO [main] o.a.n.c.c.n.LeaderElectionNodeProtocolSender Determined that Cluster Coordinator is located at hostname:7474; will use this address for sending heartbeat messages

On the nifi UI seeing this 

javax.net.ssl.SSLPeerUnverifiedException: Hostname xx.yy.aa.bb not verified: certificate: sha256/I6cvWHqdHyhMxgNMGFcIwjY2zssGR***hidding_something_here**wjnWezSDm4= DN: CN=Guru Prakash, OU=Comm***, O=**pna, L=Bangalore, ST=Karnataka, C=IN subjectAltNames: []


Please help 🙏
 

3 REPLIES 3

avatar
Master Mentor

@Nifi_Noob 

Followed this link for creation is not a usable link. Can you update.

Geoffrey

avatar
Master Collaborator

Please make sure SSL certificates are created with the following settings https://docs.cloudera.com/cfm/2.1.4/cfm-security/topics/cfm-security-tls-certificate-requirements-re...

avatar
New Contributor

thank u very much. that helped me