Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
0.5.0
Description
Users often encounter an exception when validating certificates which is poorly worded and confusing:
./nifi-app.log:2016-01-06 08:06:38,637 ERROR [Timer-Driven Process Thread-6] o.a.nifi.processors.standard.InvokeHTTP InvokeHTTP[id=c75d8a02-3a6a-3c72-a086-ca0ace77fd62] Routing to Failure due to exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Due to phrases like "PKIX path building failed" and "unable to find valid certification path to requested target", users often believe this is a file path issue and that NiFi cannot locate the truststore. However, the issue is actually that no certificate validation "path" can be constructed – i.e. NiFi cannot find a chain between the certificate being validated and any trusted CA certificate that has signed it (or intermediaries).
This exception should be caught and a more explicative error message should be displayed, with suggestions for how to resolve this issue (usually importing the custom CA certificate or self-signed certificate into the truststore).
Attachments
Attachments
Issue Links
- is related to
-
NIFI-1477 Import trusted CA certificates into NiFi local truststore
- Resolved