Posted to issues@nifi.apache.org by "Andy LoPresto (Jira)" <ji...@apache.org> on 2020/09/02 01:43:00 UTC

[jira] [Commented] (NIFI-7756) NIFI 1.12.0 doesn't work with wildcard certificates

    [ https://issues.apache.org/jira/browse/NIFI-7756?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17188911#comment-17188911 ] 

Andy LoPresto commented on NIFI-7756:
-------------------------------------

I'm marking this as closed. As Pierre points out, true wildcard certs are not supported, and certificates with multiple SANs or keystores with multiple certs are supported, and the regression in NIFI-7730 has been resolved.

> NIFI 1.12.0 doesn't work with wildcard certificates
> ---------------------------------------------------
>
>                 Key: NIFI-7756
>                 URL: https://issues.apache.org/jira/browse/NIFI-7756
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework, Security
>    Affects Versions: 1.12.0
>            Reporter: Heinz Mayer
>            Assignee: Andy LoPresto
>            Priority: Major
>
> After upgrade to NIFI 1.12.0, NIFI doesn't start anymore.
> The same keystore works with NIFI 1.11.4.
> {code:java}
> 2020-08-21 07:52:21,462 INFO [main] o.e.jetty.util.ssl.SslContextFactory x509=X509@2559c968(tomcat,h=[mic.co.at],w=[mic.co.at]) for SslContextFactory@37f3a1a0[provider=null,keyStore=file:///opt/nifi/conf/keystore.jks,trustStore=file:///opt/nifi/conf/keystore.jks]
> 2020-08-21 07:52:21,462 INFO [main] o.e.jetty.util.ssl.SslContextFactory x509=X509@2559c968(tomcat,h=[mic.co.at],w=[mic.co.at]) for SslContextFactory@37f3a1a0[provider=null,keyStore=file:///opt/nifi/conf/keystore.jks,trustStore=file:///opt/nifi/conf/keystore.jks]
> 2020-08-21 07:52:21,469 WARN [main] org.apache.nifi.web.server.JettyServer Failed to start web server... shutting down.
> java.lang.IllegalStateException: KeyStores with multiple certificates are not supported on the base class org.eclipse.jetty.util.ssl.SslContextFactory. (Use org.eclipse.jetty.util.ssl.SslContextFactory$Server or org.eclipse.jetty.util.ssl.SslContextFactory$Client instead)
>     at org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1275)
>     at org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1256)
>     at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374)
>     at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245)
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
>     at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:92)
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
>     at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:320)
>     at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81)
>     at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:231)
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
>     at org.eclipse.jetty.server.Server.doStart(Server.java:385)
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
>     at org.apache.nifi.web.server.JettyServer.start(JettyServer.java:1058)
>     at org.apache.nifi.NiFi.<init>(NiFi.java:158)
>     at org.apache.nifi.NiFi.<init>(NiFi.java:72)
>     at org.apache.nifi.NiFi.main(NiFi.java:301)
> {code}
>  


