nifi-users mailing list archives

From Eric Chaves <e...@uolet.com>
Subject Re: Help with SSL Context Service for https post requests
Date Fri, 08 Dec 2017 23:53:13 GMT
Sure! I'm listing the log folder from inside the Docker container.
logback.xml is attached.

nifi@5d3b7bd36ffd:/opt/nifi/nifi-1.4.0$ ls -al logs
total 162720
drwxr-xr-x  2 nifi nifi      4096 Dec  8 01:03 .
drwxr-xr-x 15 nifi nifi      4096 Dec  8 22:02 ..
-rw-r--r--  1 nifi nifi         0 Nov 30 15:25 .gitkeep
-rw-r--r--  1 nifi nifi    602301 Dec  8 22:02 nifi-bootstrap.log
-rw-r--r--  1 nifi nifi     63400 Dec  7 16:35 nifi-bootstrap_2017-12-07.log
-rw-r--r--  1 nifi nifi 164964352 Dec  8 23:45 nifi-user.log
-rw-r--r--  1 nifi nifi    970005 Dec  7 23:59 nifi-user_2017-12-07.log
nifi@5d3b7bd36ffd:/opt/nifi/nifi-1.4.0$

Regarding the error, the truststore is in a folder where the nifi user has read
access:

nifi@5d3b7bd36ffd:/opt/nifi/nifi-1.4.0$ ls -al ../assets
total 176
drwxr-xr-x 2 nifi nifi   4096 Dec  8 17:49 .
drwxr-xr-x 9 nifi nifi   4096 Dec  8 22:02 ..
-rw-r--r-- 1 nifi nifi      0 Dec  1 01:37 .gitkeep
-rw-r--r-- 1 nifi nifi   2255 Dec  8 02:04 mandril-send.json
-rw-r--r-- 1 nifi nifi    302 Dec  7 02:41 sample.html
-rw-r--r-- 1 nifi nifi 163706 Dec  8 17:50 truststore.p12
nifi@5d3b7bd36ffd:/opt/nifi/nifi-1.4.0$


Am I required to set a keystore as well, or can I use just the truststore?

regards,


2017-12-08 20:53 GMT-02:00 Andy LoPresto <alopresto@apache.org>:

> That error could be thrown if the file does not have OS level permissions
> that allow the user running NiFi to read it. I’m a little surprised there
> is no nifi-app.log file, as that gets written to as soon as the application
> starts up. If you are able to configure a processor or controller service
> through the API / UI, that file should exist.
>
> Can you provide the contents of your $NIFI_HOME/conf/logback.xml file and
> a directory listing of $NIFI_HOME/logs?
>
>
> Andy LoPresto
> alopresto@apache.org
> alopresto.apache@gmail.com
> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69
>
> On Dec 8, 2017, at 2:11 PM, Eric Chaves <eric@uolet.com> wrote:
>
> Hi Andy,
>
> The log from bulletin board is:
>
> PostHTTP[id=3253a78a-0160-1000-b7cf-6d7878f13efa] Unable to communicate
> with destination https://mandrillapp.com/api/1.0/messages/send.json to
> determine whether or not it can accept flowfiles/gzip; routing
> StandardFlowFileRecord[uuid=cffc2f1d-97cb-423f-9296-5e796fd49a99,claim=StandardContentClaim
> [resourceClaim=StandardResourceClaim[id=1512770613805-1,
> container=default, section=1], offset=15244, length=2260],offset=0,name=emails
> sample.csv,size=2260] to failure due to javax.net.ssl.SSLException:
> java.lang.RuntimeException: Unexpected error: java.security.
> InvalidAlgorithmParameterException: the trustAnchors parameter must be
> non-empty: java.lang.RuntimeException: *Unexpected error:
> java.security.InvalidAlgorithmParameterException: the trustAnchors
> parameter must be non-empty*
>
> For some reason that I couldn't investigate yet, my current NiFi setup is
> not generating the nifi-app.log.
>
> Googling the error message, the reason would be the lack of a truststore
> file, but I have the exported file in place, so I really don't know where else
> to look.
>
> Do you have any idea?
>
> Regards,
>
> Eric
>
> 2017-12-08 19:31 GMT-02:00 Andy LoPresto <alopresto@apache.org>:
>
>> Hi Eric,
>>
>> The truststore is a collection of trusted public key certificates. As you
>> noted, the /etc/ssl/ directory contains pre-loaded CA certificates to be
>> used for this. You can also use the JVM cacerts file, which is already in
>> JKS format.
>>
>> If this isn’t sufficient, can you provide an error from the log or a
>> further description of the issue you’re encountering? Thanks.
>>
>> Andy LoPresto
>> alopresto@apache.org
>> alopresto.apache@gmail.com
>> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69
>>
>> On Dec 8, 2017, at 10:21 AM, Eric Chaves <eric@uolet.com> wrote:
>>
>> Hi,
>>
>> I'd like to make an HTTPS request to a public internet service but I'm
>> failing to set up the SSL Context Service. I tried to export my system
>> certs to be used as a truststore.
>>
>> openssl pkcs12 -export -nokeys -in /etc/ssl/certs/ca-certificates.crt
>> -out ./assets/truststore.p12
>>
>> Can someone help me out with a step-by-step?
>>
>> Thanks
>>
>>
>>
>
>
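
Added example, not part of the thread and not NiFi code: a small Java check for the condition the exception in the bulletin names, a truststore that yields no trust anchors even though the file exists and is readable. The class name, the argument order and the default PKCS12 type are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Hypothetical helper: java TruststoreCheck <file> <password> [PKCS12|JKS]
public class TruststoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: TruststoreCheck <file> <password> [PKCS12|JKS]");
            System.exit(2);
        }
        String type = args.length > 2 ? args[2] : "PKCS12";
        KeyStore ks = KeyStore.getInstance(type);
        // An unreadable file or a wrong password fails here, before any trust check.
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        int trusted = 0, keys = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) {
                trusted++;
                Certificate c = ks.getCertificate(alias);
                if (c instanceof X509Certificate) {
                    X509Certificate x = (X509Certificate) c;
                    System.out.printf("trusted  %s  (expires %s)%n",
                            x.getSubjectX500Principal().getName(), x.getNotAfter());
                }
            } else if (ks.isKeyEntry(alias)) {
                keys++; // private-key entries are not trust anchors
            }
        }
        System.out.printf("%d entries: %d trusted certificate(s), %d key entry(ies)%n",
                ks.size(), trusted, keys);
        try {
            // PKIXParameters rejects a keystore with no trusted certificate
            // entries, with the same message as the one in the bulletin.
            new PKIXParameters(ks);
            System.out.println("OK: truststore provides trust anchors");
        } catch (InvalidAlgorithmParameterException e) {
            System.out.println("FAIL: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

Run it as the nifi user, with the same JVM NiFi uses, against the path and type configured in the SSL Context Service.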
