You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@nifi.apache.org by Lior Halperin <li...@outseer.com.INVALID> on 2021/12/16 09:26:30 UTC
javax.net.ssl.SSLPeerUnverifiedException
Hi,
We are using nifi 1.15 secured cluster with external zk 3.7.0 defined in the zk conf:
ssl.hostnameVerification=false
ssl.quorum.hostnameVerification=false
sslQuorum=false
also in the nifi nodes zookeeper properties we defined
ssl.hostnameVerification=false
ssl.quorum.hostnameVerification=false
on nifi start up nodes we get :
2021-12-15 21:57:43,440 ERROR [nioEventLoopGroup-2-1] o.apache.zookeeper.common.ZKTrustManager Failed to verify host address: 127.0.0.1
javax.net<http://javax.net/>.ssl.SSLPeerUnverifiedException: Certificate for <127.0.0.1> doesn't match common name of the certificate subject: APP SERVER KEY
what are definitions we miss that should eliminate the SSLPeerUnverifiedException?
Internal Use - Confidential
javax.net.ssl.SSLPeerUnverifiedException
Posted by Lior Halperin <li...@outseer.com>.
Hi.
Is there a flag or java property I can pass in bootstrap.conf to eliminate the host verification?
2021-12-19 16:06:27,112 WARN [Replicate Request Thread-2] o.a.n.c.c.h.r.ThreadPoolRequestReplicator
2048 javax.net<http://javax.net/>.ssl.SSLPeerUnverifiedException: Hostname vm-nifi-secured-01 not verified:
2049 certificate: sha256/O85MaZTkQTxHPCS/Xdp24X+0+h3rOxkqMhNUMzrIsOg=
2050 DN: CN=APP SERVER KEY, OU=3DS, O=RSA, ST=ISRAEL, C=IL
2051 subjectAltNames: []
2052 at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:389)
2053 at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337)
2054 at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209)
2055 at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226)
2056 at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106)
2057 at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74)
2058 at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255)
2059 at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32)
2060 at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
2061 at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95)
2062 at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
2063 at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83)
2064 at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
2065 at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76)
2066 at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
2067 at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201)
2068 at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154)
2069 at org.apache.nifi.cluster.coordination.http.replication.okhttp.OkHttpReplicationClient.replicate(OkHttpReplicationClient.java:136)
2070 at org.apache.nifi.cluster.coordination.http.replication.okhttp.OkHttpReplicationClient.replicate(OkHttpReplicationClient.java:130)
2071 at org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator.replicateRequest(ThreadPoolRequestReplicator.java:640)
2072 at org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator$NodeHttpRequest.run(ThreadPoolRequestReplicator.java:832)
2073 at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
2074 at java.util.concurrent.FutureTask.run(FutureTask.java:266)
2075 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
2076 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
2077 at java.lang.Thread.run(Thread.java:748)
Internal Use - Confidential
javax.net.ssl.SSLPeerUnverifiedException
Posted by Lior Halperin <li...@outseer.com.INVALID>.
Hi.
Is there a flag or java property I can pass in bootstrap.conf to eliminate the host verification?
2021-12-19 16:06:27,112 WARN [Replicate Request Thread-2] o.a.n.c.c.h.r.ThreadPoolRequestReplicator
2048 javax.net<http://javax.net/>.ssl.SSLPeerUnverifiedException: Hostname vm-nifi-secured-01 not verified:
2049 certificate: sha256/O85MaZTkQTxHPCS/Xdp24X+0+h3rOxkqMhNUMzrIsOg=
2050 DN: CN=APP SERVER KEY, OU=3DS, O=RSA, ST=ISRAEL, C=IL
2051 subjectAltNames: []
2052 at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:389)
2053 at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337)
2054 at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209)
2055 at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226)
2056 at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106)
2057 at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74)
2058 at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255)
2059 at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32)
2060 at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
2061 at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95)
2062 at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
2063 at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83)
2064 at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
2065 at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76)
2066 at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
2067 at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201)
2068 at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154)
2069 at org.apache.nifi.cluster.coordination.http.replication.okhttp.OkHttpReplicationClient.replicate(OkHttpReplicationClient.java:136)
2070 at org.apache.nifi.cluster.coordination.http.replication.okhttp.OkHttpReplicationClient.replicate(OkHttpReplicationClient.java:130)
2071 at org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator.replicateRequest(ThreadPoolRequestReplicator.java:640)
2072 at org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator$NodeHttpRequest.run(ThreadPoolRequestReplicator.java:832)
2073 at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
2074 at java.util.concurrent.FutureTask.run(FutureTask.java:266)
2075 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
2076 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
2077 at java.lang.Thread.run(Thread.java:748)
Internal Use - Confidential
RE: javax.net.ssl.SSLPeerUnverifiedException
Posted by Lior Halperin <li...@outseer.com.INVALID>.
https://issues.apache.org/jira/browse/NIFI-3081
maybe related to this?
Internal Use - Confidential
From: Lior Halperin
Sent: Thursday, 16 December 2021 11:27
To: users@nifi.apache.org; dev@nifi.apache.org
Subject: javax.net.ssl.SSLPeerUnverifiedException
Hi,
We are using nifi 1.15 secured cluster with external zk 3.7.0 defined in the zk conf:
ssl.hostnameVerification=false
ssl.quorum.hostnameVerification=false
sslQuorum=false
also in the nifi nodes zookeeper properties we defined
ssl.hostnameVerification=false
ssl.quorum.hostnameVerification=false
on nifi start up nodes we get :
2021-12-15 21:57:43,440 ERROR [nioEventLoopGroup-2-1] o.apache.zookeeper.common.ZKTrustManager Failed to verify host address: 127.0.0.1
javax.net<http://javax.net/>.ssl.SSLPeerUnverifiedException: Certificate for <127.0.0.1> doesn't match common name of the certificate subject: APP SERVER KEY
what are definitions we miss that should eliminate the SSLPeerUnverifiedException?
Internal Use - Confidential
RE: javax.net.ssl.SSLPeerUnverifiedException
Posted by Lior Halperin <li...@outseer.com>.
nifi.zookeeper.connect.string=vm-nifi-secured-01:2281
(currently we did one machine with zk)
Internal Use - Confidential
From: Mark Payne <ma...@hotmail.com>
Sent: Thursday, 16 December 2021 16:20
To: users
Subject: Re: javax.net.ssl.SSLPeerUnverifiedException
[EXTERNAL MAIL]
Lior,
What do you have set for the “nifi.zookeeper.connect.string” property in nifi.properties?
Thanks
-Mark
On Dec 16, 2021, at 4:26 AM, Lior Halperin <li...@outseer.com>> wrote:
Hi,
We are using nifi 1.15 secured cluster with external zk 3.7.0 defined in the zk conf:
ssl.hostnameVerification=false
ssl.quorum.hostnameVerification=false
sslQuorum=false
also in the nifi nodes zookeeper properties we defined
ssl.hostnameVerification=false
ssl.quorum.hostnameVerification=false
on nifi start up nodes we get :
2021-12-15 21:57:43,440 ERROR [nioEventLoopGroup-2-1] o.apache.zookeeper.common.ZKTrustManager Failed to verify host address: 127.0.0.1
javax.net<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__http%3A%2F%2Fjavax.net%2F__%3B!!KcCDy9is!smYEPjRrMifLOF9b7WWcmXijvP__UP-YyVwbMiAIOxB6KET4E2lWRec-Z3pcaiIVcN4%24&data=04%7C01%7Clior.halperin%40outseer.com%7Cf197c66441874353cae508d9c09f3f02%7C80be6ad4370143d1a7c3a71eb4edff96%7C0%7C0%7C637752612453578853%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=5I%2BI7%2FcDQmcy0rSchuRkTzopz6Dz95yfphdwDoVu8dE%3D&reserved=0>.ssl.SSLPeerUnverifiedException: Certificate for <127.0.0.1> doesn't match common name of the certificate subject: APP SERVER KEY
what are definitions we miss that should eliminate the SSLPeerUnverifiedException?
Internal Use - Confidential
Re: javax.net.ssl.SSLPeerUnverifiedException
Posted by Mark Payne <ma...@hotmail.com>.
Lior,
What do you have set for the “nifi.zookeeper.connect.string” property in nifi.properties?
Thanks
-Mark
On Dec 16, 2021, at 4:26 AM, Lior Halperin <li...@outseer.com>> wrote:
Hi,
We are using nifi 1.15 secured cluster with external zk 3.7.0 defined in the zk conf:
ssl.hostnameVerification=false
ssl.quorum.hostnameVerification=false
sslQuorum=false
also in the nifi nodes zookeeper properties we defined
ssl.hostnameVerification=false
ssl.quorum.hostnameVerification=false
on nifi start up nodes we get :
2021-12-15 21:57:43,440 ERROR [nioEventLoopGroup-2-1] o.apache.zookeeper.common.ZKTrustManager Failed to verify host address: 127.0.0.1
javax.net<http://javax.net/>.ssl.SSLPeerUnverifiedException: Certificate for <127.0.0.1> doesn't match common name of the certificate subject: APP SERVER KEY
what are definitions we miss that should eliminate the SSLPeerUnverifiedException?
Internal Use - Confidential
RE: javax.net.ssl.SSLPeerUnverifiedException
Posted by Lior Halperin <li...@outseer.com>.
https://issues.apache.org/jira/browse/NIFI-3081
maybe related to this?
Internal Use - Confidential
From: Lior Halperin
Sent: Thursday, 16 December 2021 11:27
To: users@nifi.apache.org; dev@nifi.apache.org
Subject: javax.net.ssl.SSLPeerUnverifiedException
Hi,
We are using nifi 1.15 secured cluster with external zk 3.7.0 defined in the zk conf:
ssl.hostnameVerification=false
ssl.quorum.hostnameVerification=false
sslQuorum=false
also in the nifi nodes zookeeper properties we defined
ssl.hostnameVerification=false
ssl.quorum.hostnameVerification=false
on nifi start up nodes we get :
2021-12-15 21:57:43,440 ERROR [nioEventLoopGroup-2-1] o.apache.zookeeper.common.ZKTrustManager Failed to verify host address: 127.0.0.1
javax.net<http://javax.net/>.ssl.SSLPeerUnverifiedException: Certificate for <127.0.0.1> doesn't match common name of the certificate subject: APP SERVER KEY
what are definitions we miss that should eliminate the SSLPeerUnverifiedException?
Internal Use - Confidential