ssl - 发送数据时NIFI 1.8 Site-to-Site SSLHandshakeException

标签 ssl apache-nifi sslhandshakeexception truststore

我有一个本地 NiFi 实例,我想通过安全的站点到站点通信将数据发送到 AWS 服务器上的远程 NiFi 实例。

我使用 NiFi TLS 工具包为我的客户端和服务器 keystore 和信任库生成了一个自签名证书。

在我的本地 NiFi 实例上,我有一个远程处理器组设置以指向远程 NiFi 实例上的输入端口。我的本地和远程实例之间的初始 SSL 握手成功,因为我能够看到来自远程实例的可用输入端口,并在本地实例的 Web UI 上显示“站点到站点是安全的”图标通知。

但是,当我尝试通过 https 通过 RPG 提供数据时,我在本地实例日志中收到以下错误:

2019-06-19 15:57:29,186 ERROR [I/O dispatcher 13] o.a.n.r.util.SiteToSiteRestApiClient Failed to create transaction for https://<local-instance-url>/nifi-api/data-transfer/input-ports/<UUID>/transactions
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1521)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:528)
at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1197)
at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1165)
at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doWrap(SSLIOSession.java:266)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:306)
at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:508)
at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:120)
at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276)
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:588)
at java.lang.Thread.run(Thread.java:748)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1709)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:318)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:970)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:967)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1459)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:284)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:352)
... 9 common frames omitted
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:262)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1626)
... 17 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
... 23 common frames omitted

我有点困惑,为什么在它似乎已经成功地进行了 SSL 握手之后还要尝试第二次 SSL 握手。初步研究表明我的证书不受信任,但我不确定如果是这样的话为什么我的第一次握手会成功。

在NIFI配置方面。我已经为这两个实例设置了远程属性以及所有其他 SSL 属性,包括 keystore /信任库信息

nifi.remote.input.host=<other-instance-host>
nifi.remote.input.secure=true
nifi.remote.input.http.enabled=true
nifi.remote.input.http.transaction.ttl=30 sec
...
nifi.cluster.protocol.is.secure=true

最佳答案

请检查这个 -> https://bryanbende.com/development/2016/08/30/apache-nifi-1.0.0-secure-site-to-site

不确定您是否已经到了那个点,但您必须将远程实例添加到您的用户并通过策略授予访问权限

关于ssl - 发送数据时NIFI 1.8 Site-to-Site SSLHandshakeException,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/56675464/

上一篇:flutter - 抽屉菜单 - 侧面的子菜单

下一篇:Xamarin Forms 绑定(bind) - 拦截绑定(bind)值并更改它

相关文章:

java - 如何使一个流程文件成为单独的预先存在的流程文件的子文件?

objective-c - 通过 NSStream 与我的证书进行 SSL 握手

Jenkins 插件管理器 'Check Now' 'unable to find valid certification' 错误

node.js - 无法信任 Node.js 中来自 IIS Express 的自签名 SSL 证书

python - 尝试使用 python-mysql-connector 建立与 Mysql 服务器的 SSL 连接时访问被拒绝

postgresql - Nifi putsql处理器错误: Due to org. postgresql.util.PSQLException:列索引超出范围:1

java - 使用 IBM JDK 6 启用 ECDHE 密码

java - 通过 jsp (SMTP EXIM) 发送电子邮件时出错

node.js - 无法访问 Kubernetes 集群上的本地证书

apache-nifi - NiFi最大线程数

©2024 IT工具网  联系我们