我正在学习 NiFi 并尝试在我的组织中使用自签名证书启动 NiFi。我的证书包括 ca.pem、ca.key、nifi.pem、nifi.key。我在这个direction之后创建了密钥库、信任库并配置了nifi.properties。但是我在启动NiFi时遇到了以下错误。我检查并重复了多次上述步骤,但找不到原因。
java.lang.IllegalStateException: Invalid nifi.web.https configuration in nifi.properties
at org.apache.nifi.web.server.connector.FrameworkServerConnectorFactory.<init>(FrameworkServerConnectorFactory.java:89)
at org.apache.nifi.web.server.JettyServer.configureConnectors(JettyServer.java:688)
at org.apache.nifi.web.server.JettyServer.init(JettyServer.java:204)
at org.apache.nifi.web.server.JettyServer.initialize(JettyServer.java:1002)
at org.apache.nifi.NiFi.<init>(NiFi.java:164)
at org.apache.nifi.NiFi.<init>(NiFi.java:83)
at org.apache.nifi.NiFi.main(NiFi.java:332)
Caused by: org.apache.nifi.security.util.TlsException: Error loading keystore
at org.apache.nifi.security.util.KeyStoreUtils.getKeyManagerFactoryFromKeyStore(KeyStoreUtils.java:234)
at org.apache.nifi.security.util.KeyStoreUtils.loadKeyManagerFactory(KeyStoreUtils.java:267)
at org.apache.nifi.security.util.KeyStoreUtils.loadKeyManagerFactory(KeyStoreUtils.java:246)
at org.apache.nifi.security.util.SslContextFactory.getKeyManagers(SslContextFactory.java:145)
at org.apache.nifi.security.util.SslContextFactory.createSslContext(SslContextFactory.java:86)
at org.apache.nifi.security.util.SslContextFactory.createSslContext(SslContextFactory.java:69)
at org.apache.nifi.web.server.connector.FrameworkServerConnectorFactory.<init>(FrameworkServerConnectorFactory.java:86)
... 6 common frames omitted
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
at java.base/sun.security.provider.KeyProtector.recover(KeyProtector.java:294)
at java.base/sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:162)
at java.base/sun.security.util.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:93)
at java.base/java.security.KeyStore.getKey(KeyStore.java:1075)
at java.base/sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:141)
at java.base/sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:64)
at java.base/javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:270)
at org.apache.nifi.security.util.KeyStoreUtils.getKeyManagerFactoryFromKeyStore(KeyStoreUtils.java:229)
... 12 common frames omitted
抱歉,问题不是来自 NiFi,而是来自用于使用 OpenSSL 生成证书的证书构建选项。尽管如此,现在我还不知道准确的原因是什么,但是,我在从 openssql 命令中删除“-aes256”选项后绕过了它。