Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-1479

Catch PKIX CertPathValidatorException and provide better error messaging

    XMLWordPrintableJSON

    Details

      Description

      Users often encounter an exception when validating certificates which is poorly worded and confusing:

      ./nifi-app.log:2016-01-06 08:06:38,637 ERROR [Timer-Driven Process Thread-6] o.a.nifi.processors.standard.InvokeHTTP InvokeHTTP[id=c75d8a02-3a6a-3c72-a086-ca0ace77fd62] Routing to Failure due to exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      

      Due to phrases like "PKIX path building failed" and "unable to find valid certification path to requested target", users often believe this is a file path issue and that NiFi cannot locate the truststore. However, the issue is actually that no certificate validation "path" can be constructed – i.e. NiFi cannot find a chain between the certificate being validated and any trusted CA certificate that has signed it (or intermediaries).

      This exception should be caught and a more explicative error message should be displayed, with suggestions for how to resolve this issue (usually importing the custom CA certificate or self-signed certificate into the truststore).

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                alopresto Andy LoPresto
                Reporter:
                alopresto Andy LoPresto
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: