Hi Ara, I can see that the Toolkit version is 1.7.1 but what versions of NiFi and NiFi Registry are you using?
Can you perform an ssldump [1] on the Toolkit or the Registry side to see the TLS handshake error (supposing that is the issue) more closely? [1] https://devcentral.f5.com/articles/troubleshooting-tls-problems-with-ssldump On Wed, Oct 24, 2018 at 4:21 PM Bryan Bende <bbe...@gmail.com> wrote: > With the CLI using the keystore/truststore from NiFi you shouldn't get > an SSL handshake error at all, regardless of whether it was a command > against NiFi or NIFi Registry. > > After the SSL handshake the command could still fail based on whether > the identity of the CLI has permissions to execute the command in the > target system. > > For example, using NiFi's own identity to make a call against NiFi > like "nifi pg-start ..." will probably fail with an unauthorized error > unless you granted the NiFi user permission to modify components, by > default the server users only have one or two permissions like /proxy > and /controller. > > Alternatively you can also pass a proxiedEntity specifying a user that > already has permission to modify components and then it should work. > > On Wed, Oct 24, 2018 at 10:04 AM ara m. <arama...@gmail.com> wrote: > > > > Thats right they are identical, and registry-dev.properties has 2 more > > fields, one that is baseUrl https:// registry:port, and the other > > proxiedEntity is left blank.. > > > > /baseUrl=https://nifi-registry.xx.local:18443 > > proxiedEntity=/ > > > > So using those NiFi properties the CLI can only talk to the Registry, is > > that right? > > > > Meaning these commands we expect to succeed > > /> registry list-buckets -p registry-dev.properties/ > > > > but any command that calls to 'nifi' from the CLI, we expect to fail? > > /> nifi pg-start -pgid .../ > > > > From inside NiFi container I am able to ping that Registry address, and > the > > port is indeed listening in Registry.. The url I used for Registry is the > > same URL that I specified in NiFi UI for Registry and I was able to get > > buckets && version flow (of my processor group). > > > > > > > > -- > > Sent from: http://apache-nifi-users-list.2361937.n4.nabble.com/ >