[ https://issues.apache.org/jira/browse/NIFI-5692?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17315627#comment-17315627 ]
David Handermann commented on NIFI-5692:
----------------------------------------

[~Wogno] Thanks for following up. The {{PKIX path building failed}} message indicates that the remote host is not trusted.

If the remote host has a certificate signed by a public certificate authority, then it should be possible to configure InvokeHTTP without an SSL Context Service, which will use the JVM default certificate authorities. In that scenario, it is also possible to configure an SSL Context Service that explicitly uses the JVM default certificate authorities by referencing the {{cacerts}} file as the Truststore Filename. On Java 11, {{cacerts}} is located under {{lib/security}} inside the Java home directory.

InvokeHTTP can be configured with an SSL Context Service that has only a truststore configured; a keystore is not required. As indicated by the error message, however, the truststore must contain a certificate authority that signed the destination host certificate, whether that is a public certificate authority, or a private certificate authority.

> InvokeHttp fails to initialize if SSL context doesn't have truststore set
> -------------------------------------------------------------------------
>
>                 Key: NIFI-5692
>                 URL: https://issues.apache.org/jira/browse/NIFI-5692
>             Project: Apache NiFi
>          Issue Type: Bug
>   Affects Versions: 1.7.1
>            Reporter: Joe Percivall
>            Priority: Major
>
> Impact: not able to use InvokeHttp to talk over HTTPS without using a truststore and verifying the server.
> To reproduce, create an InvokeHttp configured to use a StandardRestrictedSSLContextService. Configure a keystore in the SSL context but no truststore. Then enable the context. Attempting to run the processor will fail with the following bulletin and log message:
> {noformat}
> InvokeHTTP[id=6875554d-0166-1000-5f09-c0e320896bfb] Failed to properly initialize Processor. If still scheduled to run, NiFi will attempt to initialize and run the Processor again after the 'Administrative Yield Duration' has elapsed. Failure is due to java.lang.reflect.InvocationTargetException: java.lang.reflect.InvocationTargetException
> {noformat}
>
> {noformat}
> 2018-10-12 10:30:38,384 ERROR [Timer-Driven Process Thread-1] o.a.nifi.processors.standard.InvokeHTTP InvokeHTTP[id=6875554d-0166-1000-5f09-c0e320896bfb] Failed to properly initialize Processor. If still scheduled to run, NiFi will attempt to initialize and run the Processor again after the 'Administrative Yield Duration' has elapsed. Failure is due to java.lang.reflect.InvocationTargetException: java.lang.reflect.InvocationTargetException
> java.lang.reflect.InvocationTargetException: null
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotations(ReflectionUtils.java:142)
>     at org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotations(ReflectionUtils.java:130)
>     at org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotations(ReflectionUtils.java:75)
>     at org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotation(ReflectionUtils.java:52)
>     at org.apache.nifi.controller.StandardProcessorNode.lambda$initiateStart$4(StandardProcessorNode.java:1499)
>     at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>     at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
>     at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>     at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.IllegalStateException: TrustManagerFactoryImpl is not initialized
>     at sun.security.ssl.TrustManagerFactoryImpl.engineGetTrustManagers(TrustManagerFactoryImpl.java:100)
>     at javax.net.ssl.TrustManagerFactory.getTrustManagers(TrustManagerFactory.java:285)
>     at org.apache.nifi.processors.standard.InvokeHTTP.setSslSocketFactory(InvokeHTTP.java:699)
>     at org.apache.nifi.processors.standard.InvokeHTTP.setUpClient(InvokeHTTP.java:631)
>     ... 15 common frames omitted
> {noformat}
>

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
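
The truststore-only setup described in the comment above, as an added Java example that is not part of the Jira thread or of NiFi's code: it reproduces the `TrustManagerFactoryImpl is not initialized` failure from the stack trace, then builds an `SSLContext` from the JVM `cacerts` file with no keystore. The class name `TruststoreOnlyContext` is hypothetical, `changeit` is assumed to be the stock JDK password for `cacerts`, and `KeyStore.getInstance(File, char[])` requires Java 9 or later.

```java
import java.io.File;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TruststoreOnlyContext {

    // Case 1: the failure in the stack trace. A factory that was never
    // initialized (no truststore supplied) cannot hand out trust managers.
    static String uninitializedFactory() throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        try {
            tmf.getTrustManagers();
            return "no exception";
        } catch (IllegalStateException e) {
            return e.getMessage();
        }
    }

    // Case 2: truststore-only context backed by the JVM default CA bundle.
    static SSLContext fromCacerts() throws Exception {
        File cacerts = new File(System.getProperty("java.home"), "lib/security/cacerts");
        // Assumption: "changeit" is the stock JDK password for cacerts.
        KeyStore trustStore = KeyStore.getInstance(cacerts, "changeit".toCharArray());

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                int n = ((X509TrustManager) tm).getAcceptedIssuers().length;
                System.out.println("Trusted certificate authorities: " + n);
            }
        }
        // No KeyManager: a keystore is only needed for client-certificate auth.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("Uninitialized factory: " + uninitializedFactory());
        System.out.println("Context protocol: " + fromCacerts().getProtocol());
    }
}
```

A host whose certificate chains to a private certificate authority will still fail with `PKIX path building failed` against this context until that authority's certificate is present in the truststore being loaded.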