You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@nifi.apache.org by "Adam J. Shook" <ad...@gmail.com> on 2016/12/04 23:34:35 UTC
Clustering configuration error -- HTTPS hostname wrong
Hello all,
I am trying to enable clustering on my NiFi instance, starting with the
original single-node instance which uses Kerberos and HTTPS. I've been
following the Clustering Configuration section in the admin guide, and I
see in the logs that the node takes over as the Coordinator and elects the
dataflow. When I try to connect to the UI I receive the below error -- it
looks like there is no hostname in the GET request when it tries to
replicate it? I started up the second node and I see it join the cluster,
but accessing the UI throws the same erro -- failing to replicate the
request to both nodes.
Any ideas?
Thank you,
--Adam
2016-12-04 23:28:02,105 WARN [Replicate Request Thread-1]
o.a.n.c.c.h.r.ThreadPoolRequestReplicator Failed to replicate request GET
/nifi-api/flow/current-user to tihdedg11.troweprice.com:8080 due to {}
com.sun.jersey.api.client.ClientHandlerException: java.io.IOException:
HTTPS hostname wrong: should be <host1.foo.com>
at
com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:155)
~[jersey-client-1.19.jar:1.19]
at com.sun.jersey.api.client.Client.handle(Client.java:652)
~[jersey-client-1.19.jar:1.19]
at
com.sun.jersey.api.client.filter.GZIPContentEncodingFilter.handle(GZIPContentEncodingFilter.java:123)
~[jersey-client-1.19.jar:1.19]
at
com.sun.jersey.api.client.WebResource.handle(WebResource.java:682)
~[jersey-client-1.19.jar:1.19]
at
com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
~[jersey-client-1.19.jar:1.19]
at
com.sun.jersey.api.client.WebResource$Builder.get(WebResource.java:509)
~[jersey-client-1.19.jar:1.19]
at
org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator.replicateRequest(ThreadPoolRequestReplicator.java:578)
~[nifi-framework-cluster-1.1.0.jar:1.1.0]
at
org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator$NodeHttpRequest.run(ThreadPoolRequestReplicator.java:770)
~[nifi-framework-cluster-1.1.0.jar:1.1.0]
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
[na:1.8.0_60]
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
[na:1.8.0_60]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[na:1.8.0_60]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[na:1.8.0_60]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_60]
Caused by: java.io.IOException: HTTPS hostname wrong: should be <
host1.foo.com>
at
sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(HttpsClient.java:649)
~[na:1.8.0_60]
at
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:573)
~[na:1.8.0_60]
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
~[na:1.8.0_60]
at
sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1512)
~[na:1.8.0_60]
at
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440)
~[na:1.8.0_60]
at
java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
~[na:1.8.0_60]
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
~[na:1.8.0_60]
at
com.sun.jersey.client.urlconnection.URLConnectionClientHandler._invoke(URLConnectionClientHandler.java:253)
~[jersey-client-1.19.jar:1.19]
at
com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:153)
~[jersey-client-1.19.jar:1.19]
... 12 common frames omitted
2016-12-04 23:28:02,105 WARN [Replicate Request Thread-1]
o.a.n.c.c.h.r.ThreadPoolRequestReplicator
Relevant configuration items:
nifi.remote.input.host=
nifi.remote.input.secure=false
nifi.remote.input.socket.port=
nifi.remote.input.http.enabled=false
nifi.remote.input.http.transaction.ttl=30 sec
nifi.web.http.host=
nifi.web.http.port=
nifi.web.https.host=host1.foo.com
nifi.web.https.port=8080
nifi.cluster.protocol.is.secure=true
nifi.cluster.is.node=true
nifi.cluster.node.address=host1.foo.com
nifi.cluster.node.protocol.port=45354
nifi.security.keystore=/export/appl/pkgs/nifi/conf/cert.p12
nifi.security.keystoreType=PKCS12
nifi.security.keystorePasswd=********
nifi.security.keyPasswd=********
nifi.security.truststore=/export/appl/pkgs/nifi/conf/cacert.jks
nifi.security.truststoreType=JKS
nifi.security.truststorePasswd=********
nifi.security.needClientAuth=
nifi.security.user.authorizer=file-provider
nifi.security.user.login.identity.provider=kerberos-provider
nifi.zookeeper.connect.string=host1.foo.com:2181,host2.foo.com:2181,
host3.foo.com:2181
nifi.zookeeper.connect.timeout=3 secs
nifi.zookeeper.session.timeout=3 secs
nifi.zookeeper.root.node=/nifi/team/dev
Re: Clustering configuration error -- HTTPS hostname wrong
Posted by Koji Kawamura <ij...@gmail.com>.
Hello Adam,
This Exception indicates that the node's certificate didn't match with
the requested hostname.
It seems when a node replicated a request to another node in the
cluster using the 'host1.foo.com', the target node responded with a
server certificate which was generated for other hostname.
Would you double check the keystore is configured with correct server
cert on each NiFi node?
(nifi.security.keystore)
Thanks,
Koji
> Caused by: java.io.IOException: HTTPS hostname wrong: should be
> <host1.foo.com>
> at
> sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(HttpsClient.java:649)
> ~[na:1.8.0_60]
> at
On Mon, Dec 5, 2016 at 8:34 AM, Adam J. Shook <ad...@gmail.com> wrote:
> Hello all,
>
> I am trying to enable clustering on my NiFi instance, starting with the
> original single-node instance which uses Kerberos and HTTPS. I've been
> following the Clustering Configuration section in the admin guide, and I see
> in the logs that the node takes over as the Coordinator and elects the
> dataflow. When I try to connect to the UI I receive the below error -- it
> looks like there is no hostname in the GET request when it tries to
> replicate it? I started up the second node and I see it join the cluster,
> but accessing the UI throws the same erro -- failing to replicate the
> request to both nodes.
>
> Any ideas?
>
> Thank you,
> --Adam
>
>
> 2016-12-04 23:28:02,105 WARN [Replicate Request Thread-1]
> o.a.n.c.c.h.r.ThreadPoolRequestReplicator Failed to replicate request GET
> /nifi-api/flow/current-user to tihdedg11.troweprice.com:8080 due to {}
> com.sun.jersey.api.client.ClientHandlerException: java.io.IOException: HTTPS
> hostname wrong: should be <host1.foo.com>
> at
> com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:155)
> ~[jersey-client-1.19.jar:1.19]
> at com.sun.jersey.api.client.Client.handle(Client.java:652)
> ~[jersey-client-1.19.jar:1.19]
> at
> com.sun.jersey.api.client.filter.GZIPContentEncodingFilter.handle(GZIPContentEncodingFilter.java:123)
> ~[jersey-client-1.19.jar:1.19]
> at
> com.sun.jersey.api.client.WebResource.handle(WebResource.java:682)
> ~[jersey-client-1.19.jar:1.19]
> at
> com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
> ~[jersey-client-1.19.jar:1.19]
> at
> com.sun.jersey.api.client.WebResource$Builder.get(WebResource.java:509)
> ~[jersey-client-1.19.jar:1.19]
> at
> org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator.replicateRequest(ThreadPoolRequestReplicator.java:578)
> ~[nifi-framework-cluster-1.1.0.jar:1.1.0]
> at
> org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator$NodeHttpRequest.run(ThreadPoolRequestReplicator.java:770)
> ~[nifi-framework-cluster-1.1.0.jar:1.1.0]
> at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> [na:1.8.0_60]
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> [na:1.8.0_60]
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> [na:1.8.0_60]
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> [na:1.8.0_60]
> at java.lang.Thread.run(Thread.java:745) [na:1.8.0_60]
> Caused by: java.io.IOException: HTTPS hostname wrong: should be
> <host1.foo.com>
> at
> sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(HttpsClient.java:649)
> ~[na:1.8.0_60]
> at
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:573)
> ~[na:1.8.0_60]
> at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
> ~[na:1.8.0_60]
> at
> sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1512)
> ~[na:1.8.0_60]
> at
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440)
> ~[na:1.8.0_60]
> at
> java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
> ~[na:1.8.0_60]
> at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
> ~[na:1.8.0_60]
> at
> com.sun.jersey.client.urlconnection.URLConnectionClientHandler._invoke(URLConnectionClientHandler.java:253)
> ~[jersey-client-1.19.jar:1.19]
> at
> com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:153)
> ~[jersey-client-1.19.jar:1.19]
> ... 12 common frames omitted
> 2016-12-04 23:28:02,105 WARN [Replicate Request Thread-1]
> o.a.n.c.c.h.r.ThreadPoolRequestReplicator
>
> Relevant configuration items:
>
> nifi.remote.input.host=
> nifi.remote.input.secure=false
> nifi.remote.input.socket.port=
> nifi.remote.input.http.enabled=false
> nifi.remote.input.http.transaction.ttl=30 sec
>
> nifi.web.http.host=
> nifi.web.http.port=
> nifi.web.https.host=host1.foo.com
> nifi.web.https.port=8080
>
> nifi.cluster.protocol.is.secure=true
> nifi.cluster.is.node=true
> nifi.cluster.node.address=host1.foo.com
> nifi.cluster.node.protocol.port=45354
>
> nifi.security.keystore=/export/appl/pkgs/nifi/conf/cert.p12
> nifi.security.keystoreType=PKCS12
> nifi.security.keystorePasswd=********
> nifi.security.keyPasswd=********
> nifi.security.truststore=/export/appl/pkgs/nifi/conf/cacert.jks
> nifi.security.truststoreType=JKS
> nifi.security.truststorePasswd=********
> nifi.security.needClientAuth=
> nifi.security.user.authorizer=file-provider
> nifi.security.user.login.identity.provider=kerberos-provider
>
> nifi.zookeeper.connect.string=host1.foo.com:2181,host2.foo.com:2181,host3.foo.com:2181
> nifi.zookeeper.connect.timeout=3 secs
> nifi.zookeeper.session.timeout=3 secs
> nifi.zookeeper.root.node=/nifi/team/dev
Re: Clustering configuration error -- HTTPS hostname wrong
Posted by "Adam J. Shook" <ad...@gmail.com>.
Thanks for your help, Bryan. I walked through your guide and was able to
use the new keystore and certs generated by the nifi-toolkit -- which is
great by the way. Makes it easy for us security n00bs.
I compared the configurations and they were similar; nothing out of the
ordinary. Must have been something with how the keystore and certs were
originally generated.
I've now got a two node NiFi cluster -- now to update the processor configs
to handle the new node...
Thanks again,
--Adam
On Mon, Dec 5, 2016 at 12:04 PM, Bryan Bende <bb...@gmail.com> wrote:
> Adam,
>
> This is definitely interesting that your single node secure setup was
> working fine and now doesn't work when enabling clustering.
>
> Since you mentioned you weren't opposed to starting over, this post that I
> wrote when 1.0 was released should be fairly up to date:
> http://bryanbende.com/development/2016/08/17/apache-nifi-1-
> 0-0-authorization-and-multi-tenancy
>
> It uses the NiFi toolkit to generate the certs, which also generates a
> nifi.properties for you. It might interesting to work through that, and
> assuming it works, then compare the working config to the current config to
> see if anything jumps out as being different.
>
> If you want to keep troubleshooting your current setup, it might be good
> to use keytool to list the contents of your p12 keystore and see if the
> Subject looks correct:
>
> keytool -list -keystore /export/appl/pkgs/nifi/conf/cert.p12 -storepass
> {password} -storetype PKCS12 -v
>
> I don't see how it could be wrong if your single node setup was working,
> but it is worth a shot.
>
> -Bryan
>
> On Mon, Dec 5, 2016 at 11:25 AM, Adam J. Shook <ad...@gmail.com>
> wrote:
>
>> The tihdedg11 URL would be my failed attempt to mask all the hostnames ;)
>> Oh well. That'd be host1.foo.com.
>>
>> The certificates I am using were generated using the below documentation
>> [1] as a guide back on NiFi 0.6 -- but we're using the Kerberos provider
>> and not the LDAP provider. I've used the same certs from 0.6 to 1.0 and
>> now to 1.1 and I've never had a problem with them. This is a single-node
>> cluster (for now, soon to be two if I can get it working with one) and it
>> is failing to replicate the request to itself.
>>
>> I'm far from a security buff and don't really know where to begin
>> troubleshooting this. If there is a more up-to-date guide on how to get
>> security setup, I'd be happy to start over and work through that. I've
>> tried [2] just now and that also didn't pan out since there is no longer an
>> authorizer-users.xml file (and I can't make a new one since I've already
>> upgraded my old users.xml to the new model).
>>
>> Thank you,
>> --Adam
>>
>> [1] https://community.hortonworks.com/articles/7341/nifi-user-au
>> thentication-with-ldap.html
>> [2] https://community.hortonworks.com/articles/886/securing-
>> nifi-step-by-step.html
>>
>> On Sun, Dec 4, 2016 at 7:57 PM, Andre <an...@fucs.org> wrote:
>>
>>> Adam,
>>>
>>> Is the X509 certificate of host1.foo.com reflecting the correct Subject
>>> Name?
>>>
>>> Would you know where the URL tihdedg11.troweprice.com:8080 come from?
>>>
>>> Cheers
>>>
>>> On Mon, Dec 5, 2016 at 10:34 AM, Adam J. Shook <ad...@gmail.com>
>>> wrote:
>>>
>>>> Hello all,
>>>>
>>>> I am trying to enable clustering on my NiFi instance, starting with the
>>>> original single-node instance which uses Kerberos and HTTPS. I've been
>>>> following the Clustering Configuration section in the admin guide, and I
>>>> see in the logs that the node takes over as the Coordinator and elects the
>>>> dataflow. When I try to connect to the UI I receive the below error -- it
>>>> looks like there is no hostname in the GET request when it tries to
>>>> replicate it? I started up the second node and I see it join the cluster,
>>>> but accessing the UI throws the same erro -- failing to replicate the
>>>> request to both nodes.
>>>>
>>>> Any ideas?
>>>>
>>>> Thank you,
>>>> --Adam
>>>>
>>>>
>>>> 2016-12-04 23:28:02,105 WARN [Replicate Request Thread-1]
>>>> o.a.n.c.c.h.r.ThreadPoolRequestReplicator Failed to replicate request
>>>> GET /nifi-api/flow/current-user to tihdedg11.troweprice.com:8080 due
>>>> to {}
>>>> com.sun.jersey.api.client.ClientHandlerException: java.io.IOException:
>>>> HTTPS hostname wrong: should be <host1.foo.com>
>>>>
>>>>
>>
>
Re: Clustering configuration error -- HTTPS hostname wrong
Posted by Bryan Bende <bb...@gmail.com>.
Adam,
This is definitely interesting that your single node secure setup was
working fine and now doesn't work when enabling clustering.
Since you mentioned you weren't opposed to starting over, this post that I
wrote when 1.0 was released should be fairly up to date:
http://bryanbende.com/development/2016/08/17/apache-
nifi-1-0-0-authorization-and-multi-tenancy
It uses the NiFi toolkit to generate the certs, which also generates a
nifi.properties for you. It might interesting to work through that, and
assuming it works, then compare the working config to the current config to
see if anything jumps out as being different.
If you want to keep troubleshooting your current setup, it might be good to
use keytool to list the contents of your p12 keystore and see if the
Subject looks correct:
keytool -list -keystore /export/appl/pkgs/nifi/conf/cert.p12 -storepass
{password} -storetype PKCS12 -v
I don't see how it could be wrong if your single node setup was working,
but it is worth a shot.
-Bryan
On Mon, Dec 5, 2016 at 11:25 AM, Adam J. Shook <ad...@gmail.com> wrote:
> The tihdedg11 URL would be my failed attempt to mask all the hostnames ;)
> Oh well. That'd be host1.foo.com.
>
> The certificates I am using were generated using the below documentation
> [1] as a guide back on NiFi 0.6 -- but we're using the Kerberos provider
> and not the LDAP provider. I've used the same certs from 0.6 to 1.0 and
> now to 1.1 and I've never had a problem with them. This is a single-node
> cluster (for now, soon to be two if I can get it working with one) and it
> is failing to replicate the request to itself.
>
> I'm far from a security buff and don't really know where to begin
> troubleshooting this. If there is a more up-to-date guide on how to get
> security setup, I'd be happy to start over and work through that. I've
> tried [2] just now and that also didn't pan out since there is no longer an
> authorizer-users.xml file (and I can't make a new one since I've already
> upgraded my old users.xml to the new model).
>
> Thank you,
> --Adam
>
> [1] https://community.hortonworks.com/articles/7341/nifi-user-
> authentication-with-ldap.html
> [2] https://community.hortonworks.com/articles/886/
> securing-nifi-step-by-step.html
>
> On Sun, Dec 4, 2016 at 7:57 PM, Andre <an...@fucs.org> wrote:
>
>> Adam,
>>
>> Is the X509 certificate of host1.foo.com reflecting the correct Subject
>> Name?
>>
>> Would you know where the URL tihdedg11.troweprice.com:8080 come from?
>>
>> Cheers
>>
>> On Mon, Dec 5, 2016 at 10:34 AM, Adam J. Shook <ad...@gmail.com>
>> wrote:
>>
>>> Hello all,
>>>
>>> I am trying to enable clustering on my NiFi instance, starting with the
>>> original single-node instance which uses Kerberos and HTTPS. I've been
>>> following the Clustering Configuration section in the admin guide, and I
>>> see in the logs that the node takes over as the Coordinator and elects the
>>> dataflow. When I try to connect to the UI I receive the below error -- it
>>> looks like there is no hostname in the GET request when it tries to
>>> replicate it? I started up the second node and I see it join the cluster,
>>> but accessing the UI throws the same erro -- failing to replicate the
>>> request to both nodes.
>>>
>>> Any ideas?
>>>
>>> Thank you,
>>> --Adam
>>>
>>>
>>> 2016-12-04 23:28:02,105 WARN [Replicate Request Thread-1]
>>> o.a.n.c.c.h.r.ThreadPoolRequestReplicator Failed to replicate request
>>> GET /nifi-api/flow/current-user to tihdedg11.troweprice.com:8080 due to
>>> {}
>>> com.sun.jersey.api.client.ClientHandlerException: java.io.IOException:
>>> HTTPS hostname wrong: should be <host1.foo.com>
>>>
>>>
>
Re: Clustering configuration error -- HTTPS hostname wrong
Posted by "Adam J. Shook" <ad...@gmail.com>.
The tihdedg11 URL would be my failed attempt to mask all the hostnames ;)
Oh well. That'd be host1.foo.com.
The certificates I am using were generated using the below documentation
[1] as a guide back on NiFi 0.6 -- but we're using the Kerberos provider
and not the LDAP provider. I've used the same certs from 0.6 to 1.0 and
now to 1.1 and I've never had a problem with them. This is a single-node
cluster (for now, soon to be two if I can get it working with one) and it
is failing to replicate the request to itself.
I'm far from a security buff and don't really know where to begin
troubleshooting this. If there is a more up-to-date guide on how to get
security setup, I'd be happy to start over and work through that. I've
tried [2] just now and that also didn't pan out since there is no longer an
authorizer-users.xml file (and I can't make a new one since I've already
upgraded my old users.xml to the new model).
Thank you,
--Adam
[1]
https://community.hortonworks.com/articles/7341/nifi-user-authentication-with-ldap.html
[2]
https://community.hortonworks.com/articles/886/securing-nifi-step-by-step.html
On Sun, Dec 4, 2016 at 7:57 PM, Andre <an...@fucs.org> wrote:
> Adam,
>
> Is the X509 certificate of host1.foo.com reflecting the correct Subject
> Name?
>
> Would you know where the URL tihdedg11.troweprice.com:8080 come from?
>
> Cheers
>
> On Mon, Dec 5, 2016 at 10:34 AM, Adam J. Shook <ad...@gmail.com>
> wrote:
>
>> Hello all,
>>
>> I am trying to enable clustering on my NiFi instance, starting with the
>> original single-node instance which uses Kerberos and HTTPS. I've been
>> following the Clustering Configuration section in the admin guide, and I
>> see in the logs that the node takes over as the Coordinator and elects the
>> dataflow. When I try to connect to the UI I receive the below error -- it
>> looks like there is no hostname in the GET request when it tries to
>> replicate it? I started up the second node and I see it join the cluster,
>> but accessing the UI throws the same erro -- failing to replicate the
>> request to both nodes.
>>
>> Any ideas?
>>
>> Thank you,
>> --Adam
>>
>>
>> 2016-12-04 23:28:02,105 WARN [Replicate Request Thread-1]
>> o.a.n.c.c.h.r.ThreadPoolRequestReplicator Failed to replicate request
>> GET /nifi-api/flow/current-user to tihdedg11.troweprice.com:8080 due to
>> {}
>> com.sun.jersey.api.client.ClientHandlerException: java.io.IOException:
>> HTTPS hostname wrong: should be <host1.foo.com>
>>
>>
Re: Clustering configuration error -- HTTPS hostname wrong
Posted by Andre <an...@fucs.org>.
Adam,
Is the X509 certificate of host1.foo.com reflecting the correct Subject
Name?
Would you know where the URL tihdedg11.troweprice.com:8080 come from?
Cheers
On Mon, Dec 5, 2016 at 10:34 AM, Adam J. Shook <ad...@gmail.com> wrote:
> Hello all,
>
> I am trying to enable clustering on my NiFi instance, starting with the
> original single-node instance which uses Kerberos and HTTPS. I've been
> following the Clustering Configuration section in the admin guide, and I
> see in the logs that the node takes over as the Coordinator and elects the
> dataflow. When I try to connect to the UI I receive the below error -- it
> looks like there is no hostname in the GET request when it tries to
> replicate it? I started up the second node and I see it join the cluster,
> but accessing the UI throws the same erro -- failing to replicate the
> request to both nodes.
>
> Any ideas?
>
> Thank you,
> --Adam
>
>
> 2016-12-04 23:28:02,105 WARN [Replicate Request Thread-1] o.a.n.c.c.h.r.ThreadPoolRequestReplicator
> Failed to replicate request GET /nifi-api/flow/current-user to
> tihdedg11.troweprice.com:8080 due to {}
> com.sun.jersey.api.client.ClientHandlerException: java.io.IOException:
> HTTPS hostname wrong: should be <host1.foo.com>
>
>