Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-10932

NiFi Toolkit CLI cannot connect to NiFi - trustAnchors parameter must be non-empty

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 1.19.0, 1.19.1
    • 1.20.0
    • None
    • None

    Description

      When running NiFi 1.19.0 using the apache/nifi docker image, the NiFi Toolkit is not able to connect to the running NiFi instance (with the default Single User Auth enabled).

      Having updated the NiFi Toolkit CLI properties file with the Truststore and Keystore details generated by NiFi (found within nifi.properties), then attempting to run a command using the NiFi Toolkit command line such as:

      /opt/nifi/nifi-toolkit-current/bin/cli.sh session set nifi
/opt/nifi/nifi-toolkit-current/bin/cli.sh nifi get-services

      The following error is returned:

      ERROR: Error executing command 'get-services' : Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

      This suggests something isn't working correctly with the NiFi Toolkit JVM process/configuration or such (e.g. the correct truststore is not being used, see https://www.baeldung.com/java-trustanchors-parameter-must-be-non-empty)

      Attachments

        Issue Links

          fixes

          Bug - A problem which impairs or prevents the functions of the product. NIFI-10929 NiFi generated certificates (e.g. Single User, or nifi-toolkit) are not compatible with OpenSSL 3.x+

          • Major - Major loss of function.
          • Resolved
          is related to

          Bug - A problem which impairs or prevents the functions of the product. NIFI-2943 tls-toolkit pkcs12 truststore 0 entries

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. NIFI-8088 Remove PKCS12 Deprecation Warning in KeyStoreUtils

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          relates to

          Bug - A problem which impairs or prevents the functions of the product. NIFI-11133 TLS Toolkit Standalone Mode Sets Null Password for Client Keys

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          links to

          Web Link GitHub Pull Request #6881

          Activity

            People

              exceptionfactory David Handermann
              Chris S Chris Sampson
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 50m
                  50m