I have a cluster managed with cloudera, I have installed CFM (Nifi) with the tutorial; also secured the nifi nodes with TLS/SSL. When I tried the invokeHTTP processor, I have the following bulletin:
InvokeHTTP[id=3c2dea7a-0172-1000-0000-0000350072f1] Yielding processor due to exception encountered as a source processor: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I have tried with and without a secured cluster (with the help of Nifi CA toolkit service), without any success. I also tried to create a controller service to force path of the trustore and keystore.
Now I am clueless on what to do, any ideas?
Thank you for your help,
@pdeuxa you need to configure the SSLContextService for the resource you are connecting to not the nifi cluster. You do this by adding the resource's SSL Certificates to a local nifi truststore, then tell NiFi where the truststore is. The files need to be properly owned for nifi and copied to all nifi nodes.