nifi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andy LoPresto <alopre...@apache.org>
Subject Re: NIFI Secure Access ( Site to Site )
Date Wed, 13 Jul 2016 16:49:00 GMT
The message “com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException:
signature check failed” means that the application was not able to build a successful certificate
chain between the presented endpoint certificate and a trusted certificate issued by a Certificate
Authority.

Is the server certificate self-signed? If so, you will need to add the certificate to the
truststore. If it is signed by a well-known CA, you can use the default JRE truststore “$JAVA_HOME/jre/lib/security/cacerts”
which provides a list of selected certificate authority public keys. The default password
is “changeit”.

If you are using a custom CA, you can follow Matt’s article he linked above. This will walk
you through step-by-step instructions on setting up your keystore and truststore.


Andy LoPresto
alopresto@apache.org
alopresto.apache@gmail.com
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

> On Jul 13, 2016, at 8:19 AM, Matthew Clarke <matt.clarke.138@gmail.com> wrote:
> 
> Try following this procedure:
> https://community.hortonworks.com/content/kbentry/17293/how-to-create-user-generated-keys-for-securing-nif.html
> 
> Matt
> On Jul 13, 2016 1:31 AM, "Vinay" <vinudev@gmail.com> wrote:
> 
>> Any from this forum can show some help :)
>> 
>> 
>> 
>> --
>> View this message in context:
>> http://apache-nifi-developer-list.39713.n7.nabble.com/NIFI-Secure-Access-Site-to-Site-tp12735p12785.html
>> Sent from the Apache NiFi Developer List mailing list archive at
>> Nabble.com.
>> 


Mime
View raw message