[ 
https://issues.apache.org/jira/browse/NIFI-5692?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17315627#comment-17315627
 ] 

David Handermann commented on NIFI-5692:
----------------------------------------

[~Wogno] Thanks for following up.  The {{PKIX path building failed}} message 
indicates that the remote host is not trusted.  If the remote host has a 
certificate signed by a public certificate authority, then it should be 
possible to configure InvokeHTTP without an SSL Context Service, which will use 
the JVM default certificate authorities.  In that scenario, it is also possible 
to configure an SSL Context Service that explicitly uses the JVM default 
certificate authorities by referencing the {{cacerts}} file as the Truststore 
Filename.  On Java 11, {{cacerts}} is located under {{lib/security}} inside the 
Java home directory.

InvokeHTTP can be configured with an SSL Context Service that has only a 
truststore configured; a keystore is not required.  As indicated by the error 
message, however, the truststore must contain a certificate authority that 
signed the destination host certificate, whether that is a public certificate 
authority, or a private certificate authority.

> InvokeHttp fails to initialize if SSL context doesn't have truststore set
> -------------------------------------------------------------------------
>
>                 Key: NIFI-5692
>                 URL: https://issues.apache.org/jira/browse/NIFI-5692
>             Project: Apache NiFi
>          Issue Type: Bug
>    Affects Versions: 1.7.1
>            Reporter: Joe Percivall
>            Priority: Major
>
> Impact: not able to use InvokeHttp to talk over HTTPS without using a 
> truststore and verifying the server.
> To reproduce, create an InvokeHttp configured to use a 
> StandardRestrictedSSLContextService. Configure a keystore in the SSL context 
> but no truststore. Then enable the context. Attempting to run the processor 
> will fail with the following bulletin and log message:
> {noformat}
> InvokeHTTP[id=6875554d-0166-1000-5f09-c0e320896bfb] Failed to properly 
> initialize Processor. If still scheduled to run, NiFi will attempt to 
> initialize and run the Processor again after the 'Administrative Yield 
> Duration' has elapsed. Failure is due to 
> java.lang.reflect.InvocationTargetException: 
> java.lang.reflect.InvocationTargetException
> {noformat}
>  
> {noformat}
> 2018-10-12 10:30:38,384 ERROR [Timer-Driven Process Thread-1] 
> o.a.nifi.processors.standard.InvokeHTTP 
> InvokeHTTP[id=6875554d-0166-1000-5f09-c0e320896bfb] Failed to properly 
> initialize Processor. If still scheduled to run, NiFi will attempt to 
> initialize and run the Processor again after the 'Administrative Yield 
> Duration' has elapsed. Failure is due to 
> java.lang.reflect.InvocationTargetException: 
> java.lang.reflect.InvocationTargetException 
> java.lang.reflect.InvocationTargetException: null
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:498)
>         at org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotations(ReflectionUtils.java:142)
>         at org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotations(ReflectionUtils.java:130)
>         at org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotations(ReflectionUtils.java:75)
>         at org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotation(ReflectionUtils.java:52)
>         at org.apache.nifi.controller.StandardProcessorNode.lambda$initiateStart$4(StandardProcessorNode.java:1499)
>         at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>         at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
>         at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
>         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>         at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.IllegalStateException: TrustManagerFactoryImpl is not initialized
>         at sun.security.ssl.TrustManagerFactoryImpl.engineGetTrustManagers(TrustManagerFactoryImpl.java:100)
>         at javax.net.ssl.TrustManagerFactory.getTrustManagers(TrustManagerFactory.java:285)
>         at org.apache.nifi.processors.standard.InvokeHTTP.setSslSocketFactory(InvokeHTTP.java:699)
>         at org.apache.nifi.processors.standard.InvokeHTTP.setUpClient(InvokeHTTP.java:631)
>         ... 15 common frames omitted
> {noformat}
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
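
The exception in the quoted stack trace and the JVM-default trust behaviour described in the comment, shown as an added Java example. It is not NiFi's code or its fix; the class and method names are hypothetical, and it assumes the stock SunJSSE provider.

```java
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical demo class, not part of NiFi.
public class TrustManagerInitDemo {

    private static TrustManagerFactory newFactory() throws Exception {
        return TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    }

    // Reproduces the failure mode in the trace: getTrustManagers() is called
    // on a factory that was never given a truststore via init().
    static String withoutInit() throws Exception {
        try {
            newFactory().getTrustManagers();
            return "no exception";
        } catch (IllegalStateException e) {
            return e.getMessage();
        }
    }

    // init((KeyStore) null) tells the factory to load the JVM default trust
    // anchors: the javax.net.ssl.trustStore system property if set, otherwise
    // the cacerts file under lib/security in the Java home directory.
    static X509TrustManager jvmDefaultTrustManager() throws Exception {
        TrustManagerFactory tmf = newFactory();
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    public static void main(String[] args) throws Exception {
        System.out.println("without init(): " + withoutInit());

        X509TrustManager tm = jvmDefaultTrustManager();
        System.out.println("JVM default trust anchors: " + tm.getAcceptedIssuers().length);

        // Server certificates are still verified, against the default CAs;
        // no keystore (first argument) is needed for a client that only verifies.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] {tm}, null);
        System.out.println("SSLContext ready: " + ctx.getProtocol());
    }
}
```

A host signed by a private certificate authority will still fail with {{PKIX path building failed}} under this default trust manager until that authority is added to the truststore in use.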
