You need to configure the truststore properties in the SSLContextService — the keystore contains the private key and public certificate the service (NiFi) uses to identify itself, but the truststore contains the public certificate(s) of external services NiFi should trust. In this case, in order to connect to another service at https://service.external.com, you will need to have the public certificate (pub1) of the External Service or one of the public certificates in the chain that signed that pub1. If this is a site on the public internet, you can probably use the JVM defaults, as it will likely be signed by a known certificate authority. If not, you must obtain that public certificate independently, put it in a JKS truststore, and populate the controller service properties for it.
JVM truststore: Path: $JAVA_HOME/jre/lib/security/cacerts (i.e. /Library/Java/JavaVirtualMachines/jdk1.8.0_101.jdk/Contents/Home/jre/lib/security/cacerts) Password: changeit (default) Type: JKS Andy LoPresto alopre...@apache.org alopresto.apa...@gmail.com PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > On Dec 20, 2018, at 2:31 PM, l vic <lvic4...@gmail.com> wrote: > > Hello, > I am trying to perform "get" request over SSL from InvokeHTTP nifi-1.5.0-RC1; > I configured SSL by the means of a StandardSSLContextService > <https://nifi.apache.org/docs/nifi-docs/components/org.apache.nifi.ssl.StandardSSLContextService/> > with jks certificate (see attached) > When I try to execute processor, i see the following problem: > Caused by: java.lang.IllegalStateException: TrustManagerFactoryImpl is not > initialized > at > sun.security.ssl.TrustManagerFactoryImpl.engineGetTrustManagers(TrustManagerFactoryImpl.java:100) > Do I have an error in my configuration, or is this bug? keystore > file/password combination is valid - i can do that request from cli.... Can I > do "insecure" SSL request ( like curl -k) with InvokeHTTP? > Below is full stack trace > > 2018-12-20 14:53:41,116 ERROR [StandardProcessScheduler Thread-3] > o.a.n.controller.StandardProcessorNode Failed to invoke @OnScheduled method > due to java.lang.RuntimeException: Failed while executing one of processor's > OnScheduled task. > java.lang.RuntimeException: Failed while executing one of processor's > OnScheduled task. > at > org.apache.nifi.controller.StandardProcessorNode.invokeTaskAsCancelableFuture(StandardProcessorNode.java:1504) > at > org.apache.nifi.controller.StandardProcessorNode.initiateStart(StandardProcessorNode.java:1330) > at > org.apache.nifi.controller.StandardProcessorNode.lambda$start$0(StandardProcessorNode.java:1315) > at > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > at java.lang.Thread.run(Thread.java:748) > Caused by: java.util.concurrent.ExecutionException: > java.lang.reflect.InvocationTargetException > at java.util.concurrent.FutureTask.report(FutureTask.java:122) > at java.util.concurrent.FutureTask.get(FutureTask.java:206) > at > org.apache.nifi.controller.StandardProcessorNode.invokeTaskAsCancelableFuture(StandardProcessorNode.java:1487) > ... 9 common frames omitted > Caused by: java.lang.reflect.InvocationTargetException: null > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at > org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotations(ReflectionUtils.java:137) > at > org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotations(ReflectionUtils.java:125) > at > org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotations(ReflectionUtils.java:70) > at > org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotation(ReflectionUtils.java:47) > at > org.apache.nifi.controller.StandardProcessorNode$1.call(StandardProcessorNode.java:1334) > at > org.apache.nifi.controller.StandardProcessorNode$1.call(StandardProcessorNode.java:1330) > ... 6 common frames omitted > Caused by: java.lang.IllegalStateException: TrustManagerFactoryImpl is not > initialized > at > sun.security.ssl.TrustManagerFactoryImpl.engineGetTrustManagers(TrustManagerFactoryImpl.java:100) > at > javax.net.ssl.TrustManagerFactory.getTrustManagers(TrustManagerFactory.java:285) > at > org.apache.nifi.processors.standard.InvokeHTTP.setSslSocketFactory(InvokeHTTP.java:613) > at > org.apache.nifi.processors.standard.InvokeHTTP.setUpClient(InvokeHTTP.java:545) > ... 16 common frames omitted > <Screen Shot 2018-12-20 at 3.21.08 PM.png>