nifi-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andy LoPresto <alopre...@apache.org>
Subject Re: Secure NiFi Cluster Unable to Obtain Buckets from Secure NiFi Registry
Date Wed, 21 Feb 2018 18:38:13 GMT
Ryan,

In addition to the solution Bryan pointed out, if you want to be able to use IP addresses
to identify the registry endpoint, you can also add the IP address in the Subject Alternative
Names list in the certificate and then it will be able to verify the certificate.


Andy LoPresto
alopresto@apache.org
alopresto.apache@gmail.com
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

> On Feb 21, 2018, at 10:24 AM, Ryan H <ryan.howell.development@gmail.com> wrote:
> 
> Hi,
> 
> Yes, that looks like it is the issue. I think I have run into this problem before using
IP's instead of hostnames. I have it working now.
> 
> Thanks for the quick response!
> 
> -Ryan H
> 
> On Wed, Feb 21, 2018 at 10:15 AM, Bryan Bende <bbende@gmail.com <mailto:bbende@gmail.com>>
wrote:
> Ryan,
> 
> Did you happen to enter the registry client in NiFI using the IP
> address of the registry?
> 
> I'm not totally sure, but based on that message it seems like its
> trying to connect to an IP address, but the certificate of the
> registry only contains the hostname of the registry.
> 
> -Bryan
> 
> 
> On Wed, Feb 21, 2018 at 12:52 PM, Ryan H
> <ryan.howell.development@gmail.com <mailto:ryan.howell.development@gmail.com>>
wrote:
> > Hi All,
> >
> > I am running into an issue with connecting to a Secure NiFi Registry
> > instance from a Secure NiFi cluster. When trying to place a process group
> > under version control, I am getting the following error:
> >
> > Unable to obtain listing of buckets: javax.net.ssl.SSLHandshakeException:
> > java.security.cert.CertificateException: No subject alternative names
> > matching IP address my-secure-registry-ip found
> >
> > I have added the DN for each of the Nodes in the cluster to the
> > authorizers.xml file on the registry in the usersGroupProvider list. I have
> > also added the DN of the secure registry to the usersGroupProvider list on
> > the secure NiFi cluster nodes.
> >
> > Any thoughts?
> >
> > Thanks,
> >
> > Ryan H
> 


Mime
View raw message