[ https://issues.apache.org/jira/browse/NIFI-4899?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16371966#comment-16371966 ]
Pierre Villard commented on NIFI-4899: -------------------------------------- This looks like as a truststore issue. Is it a cluster setup? How has SSL been enabled on the cluster, manually or using the toolkit? Nevertheless, it's kind of weird this is happening only once after a NiFi restart... [~alopresto] may have an idea about it. > Unable to find valid certification path to requested target > ----------------------------------------------------------- > > Key: NIFI-4899 > URL: https://issues.apache.org/jira/browse/NIFI-4899 > Project: Apache NiFi > Issue Type: Bug > Components: Core UI > Affects Versions: 1.5.0 > Environment: NiFi Version 1.5.0 > Java 1.8.0_161-b12 > CentOS Linux release 7.4.1708 > Reporter: Josef Zahner > Priority: Minor > Labels: certificate, login, ssl > Attachments: Screen Shot 2018-02-21 at 11.08.13.png > > > In my clustered ssl environment, if I start the webgui the first time, enter > my login credentials (verified via LDAP) and go ahead (click "LOG IN") I'm > getting the error below: > !Screen Shot 2018-02-21 at 11.08.13.png! > {code:java} > javax.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target > at > org.glassfish.jersey.client.internal.HttpUrlConnector.apply(HttpUrlConnector.java:284) > at org.glassfish.jersey.client.ClientRuntime.invoke(ClientRuntime.java:278) > at > org.glassfish.jersey.client.JerseyInvocation.lambda$invoke$0(JerseyInvocation.java:753) > at org.glassfish.jersey.internal.Errors.process(Errors.java:316) > at org.glassfish.jersey.internal.Errors.process(Errors.java:298) > at org.glassfish.jersey.internal.Errors.process(Errors.java:229) > at > org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:414) > at > org.glassfish.jersey.client.JerseyInvocation.invoke(JerseyInvocation.java:752) > at > org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator.replicateRequest(ThreadPoolRequestReplicator.java:661) > at > org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator$NodeHttpRequest.run(ThreadPoolRequestReplicator.java:875) > at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source) > at java.util.concurrent.FutureTask.run(Unknown Source) > at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) > at java.lang.Thread.run(Unknown Source) > Caused by: javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target > at sun.security.ssl.Alerts.getSSLException(Unknown Source) > at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) > at sun.security.ssl.Handshaker.fatalSE(Unknown Source) > at sun.security.ssl.Handshaker.fatalSE(Unknown Source) > at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) > at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) > at sun.security.ssl.Handshaker.processLoop(Unknown Source) > at sun.security.ssl.Handshaker.process_record(Unknown Source) > at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) > at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) > at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) > at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) > at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) > at > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown > Source) > at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source) > at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) > at java.net.HttpURLConnection.getResponseCode(Unknown Source) > at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown > Source) > at > org.glassfish.jersey.client.internal.HttpUrlConnector._apply(HttpUrlConnector.java:390) > at > org.glassfish.jersey.client.internal.HttpUrlConnector.apply(HttpUrlConnector.java:282) > ... 14 common frames omitted > Caused by: sun.security.validator.ValidatorException: PKIX path building > failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to > find valid certification path to requested target > at sun.security.validator.PKIXValidator.doBuild(Unknown Source) > at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) > at sun.security.validator.Validator.validate(Unknown Source) > at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source) > at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) > at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) > ... 30 common frames omitted > Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable > to find valid certification path to requested target > at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source) > at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown > Source) > at java.security.cert.CertPathBuilder.build(Unknown Source) > ... 36 common frames omitted > {code} > A site refresh solves the issue and I can see the canvas. After the first > access, the issue is gone. I don't see it anymore until I restart NiFi. > The certificate path of the cert should be fine, at least the browser > (chrome) shows no problems in the address field. > -- This message was sent by Atlassian JIRA (v7.6.3#76005)