Posted to users@nifi.apache.org by Yunus Emre Gürses <e2...@ceng.metu.edu.tr> on 2021/11/26 14:24:08 UTC

Problem with NiFi and Registry connection after secure setup

Hi all,
I have a secure setup running on the same machine for both NiFi and Registry. NiFi is not clustered. Before making Registry secure, I was able to commit my flows to Registry successfully. After configuring LDAP and the secure configs, when I try to commit my flows in NiFi, I started to face a "No available buckets" issue on the save flow screen. Both NiFi and Registry use the same truststore and keystore. I didn't generate the keystore and truststore, and I don't know whether I should. The keystore is provided by my company; it has one PrivateKeyEntry and its owner is something like this: "CN=*.tcmb.gov.tr, OU=HEAD OFFICE, O=COMPANY NAME, L=Ankara, ST=Ankara, C=TR".

I have searched on the Internet and found a similar post:
https://community.cloudera.com/t5/Support-Questions/Nifi-not-able-to-load-available-buckets-in-nifi-registry/m-p/330753#M230743

Even though I have tried that advice, I couldn't solve the problem. I have been trying for a week and it seems I'm stuck.
I learned that Registry needs to know the NiFi identity to proxy requests. I tried to create users and give special permissions for my NiFi, but it had no effect. These are the names I have created in Registry to identify my NiFi:

- CN=hostname.tcmb.gov.tr, OU=HEAD OFFICE, O=COMPANY NAME, L=Ankara, ST=Ankara, C=TR
- CN=*.tcmb.gov.tr, OU=HEAD OFFICE, O=COMPANY NAME, L=Ankara, ST=Ankara, C=TR
- *.tcmb.gov.tr
- hostname.tcmb.gov.tr
- localhost

I added nifi.properties and nifi-registry.properties as attachments, and replaced my server name with "hostname" everywhere. Any help would be great.

-Yemre


Re: Problem with NiFi and Registry connection after secure setup

Posted by Yunus Emre Gürses <e2...@ceng.metu.edu.tr>.
I have solved my problem.
For anyone having this kind of issue:
It was because of the wildcard certificate of my company. After changing it, the problem was solved. In the Owner field in the keystore of NiFi, the CN field must start with the hostname, not a wildcard (*).

-Yemre

> Yunus Emre Gürses <e2...@ceng.metu.edu.tr> wrote (26 Nov 2021 17:24):
> 
> Hi all,
> I have a secure setup running on the same machine for both NiFi and Registry. NiFi is not clustered. Before making Registry secure, I was able to commit my flows to Registry successfully. After configuring LDAP and the secure configs, when I try to commit my flows in NiFi, I started to face a "No available buckets" issue on the save flow screen. Both NiFi and Registry use the same truststore and keystore. I didn't generate the keystore and truststore, and I don't know whether I should. The keystore is provided by my company; it has one PrivateKeyEntry and its owner is something like this: "CN=*.tcmb.gov.tr, OU=HEAD OFFICE, O=COMPANY NAME, L=Ankara, ST=Ankara, C=TR".
> 
> I have searched on the Internet and found a similar post:
> https://community.cloudera.com/t5/Support-Questions/Nifi-not-able-to-load-available-buckets-in-nifi-registry/m-p/330753#M230743
> 
> Even though I have tried that advice, I couldn't solve the problem. I have been trying for a week and it seems I'm stuck.
> I learned that Registry needs to know the NiFi identity to proxy requests. I tried to create users and give special permissions for my NiFi, but it had no effect. These are the names I have created in Registry to identify my NiFi:
> 
> - CN=hostname.tcmb.gov.tr, OU=HEAD OFFICE, O=COMPANY NAME, L=Ankara, ST=Ankara, C=TR
> - CN=*.tcmb.gov.tr, OU=HEAD OFFICE, O=COMPANY NAME, L=Ankara, ST=Ankara, C=TR
> - *.tcmb.gov.tr
> - hostname.tcmb.gov.tr
> - localhost
> 
> I added nifi.properties and nifi-registry.properties as attachments, and replaced my server name with "hostname" everywhere. Any help would be great.
> 
> -Yemre
>
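
The fix reported in the reply above, as an added example that is not part of the original posts: a Python check over `keytool -list -v` output that flags every PrivateKeyEntry whose Owner CN is a wildcard or does not start with the expected hostname. The abbreviated sample listing, the aliases, the issuer name and the helper names are constructed for illustration.

```python
import re

# Constructed, abbreviated sample of `keytool -list -v` output (not the poster's keystore).
SAMPLE = """\
Alias name: nifi-key
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=*.tcmb.gov.tr, OU=HEAD OFFICE, O=COMPANY NAME, L=Ankara, ST=Ankara, C=TR
Issuer: CN=Example Issuing CA (placeholder), C=TR

Alias name: fixed-key
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=hostname.tcmb.gov.tr, OU=HEAD OFFICE, O=COMPANY NAME, L=Ankara, ST=Ankara, C=TR
Issuer: CN=Example Issuing CA (placeholder), C=TR

Alias name: company-ca
Entry type: trustedCertEntry
Owner: CN=Example Issuing CA (placeholder), C=TR
"""

def dn_attrs(dn):
    """Parse 'K=V, K=V' into a dict, honouring backslash-escaped commas."""
    rdns = re.split(r"(?<!\\),", dn)
    pairs = (rdn.split("=", 1) for rdn in rdns if "=" in rdn)
    return {k.strip().upper(): v.strip().replace("\\,", ",") for k, v in pairs}

def check_keystore(listing, expected_host):
    """Map each PrivateKeyEntry alias to the problems found in its leaf Owner DN."""
    report = {}
    for chunk in listing.split("Alias name:")[1:]:
        alias = chunk.splitlines()[0].strip()
        # The first Owner line in an entry belongs to Certificate[1], the leaf.
        owner = re.search(r"(?m)^Owner:\s*(.+)$", chunk)
        if "Entry type: PrivateKeyEntry" not in chunk or not owner:
            continue  # trusted CA entries are not used as the client identity
        cn = dn_attrs(owner.group(1)).get("CN", "")
        problems = []
        if cn.startswith("*"):
            problems.append("wildcard CN")
        if not cn.lower().startswith(expected_host.lower()):
            problems.append("CN does not start with " + expected_host)
        report[alias] = problems
    return report

if __name__ == "__main__":
    for alias, problems in check_keystore(SAMPLE, "hostname.tcmb.gov.tr").items():
        print(alias, "OK" if not problems else "; ".join(problems))
```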