nifi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andy LoPresto <>
Subject Re: NiFi cannot start due to log permissions error
Date Tue, 10 Jan 2017 04:04:26 GMT
The illegal key size error is almost certainly due to the length of the keystore/truststore
password, but the ideal solution is not to decrease the password length, but rather to either
install the Unlimited Strength Jurisdiction Policy files if possible, and/or switch to using
a JKS keystore rather than PKCS12. PKCS12 without the USJ policies limit the keystore password
length to 7 characters, which is *not* sufficiently strong against modern computing capability.

Andy LoPresto
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

> On Jan 9, 2017, at 11:43 AM, bmichaud <> wrote:
> Aldrin Piri wrote
>> Currently, NIFI_HOME is determined via the physical location of the script
>> and thus the reason why it is picking up the other path.  Typically, the
>> bin directory is not one that is suggested to be configured external to
>> the
>> distribution in the interest of facilitating upgrade processes.
> I can see that in the script.
> Aldrin Piri wrote
>> I see throughout the logs and final stacktrace that the path
>> /app_2/software/nifi/nifi-1.1.0/ is listed, but do not see that in either
>> of the listings you provided.  Could you please provide how that
>> relates to /app_2/software/nifi/latest?
>> Another symlink?
> Yes, "latest" is a symlink pointing to the latest nifi-1.*.* directory
> installed in the /app_2/software/nifi directory.
> Aldrin Piri wrote
>> Does explicitly setting your NIFI_HOME (/app_2/runtime/nifi) in
>> resolve this issue for you?
> I did not try that, but, when I tried to change the to take the
> PHYS_DIR variable to be the dirname of $0, but that did not work. However,
> my current work-around is to have a copy of the bin directory in the
> runtime/nifi directory.
> I would prefer not to do this, as it does make upgrades messier, but I am
> currently more concerned about the next error I got:
> InvalidKeyException: Illegal key size
> and I am trying to resolve that with a smaller password on my keystore and
> truststore files. (
> --
> View this message in context:
> Sent from the Apache NiFi Developer List mailing list archive at

View raw message