ssl certificate not working - ERR_BAD_SSL_CLIENT_AUTH_CERT

Question

I am trying to setup secure nifi registry, following this tutorial.

After everything is setup, opening the website, i am facing this error on webpage.

This site can’t provide a secure connection. localhost didn’t accept your login certificate, or one may not have been provided.
Try contacting the system admin.
ERR_BAD_SSL_CLIENT_AUTH_CERT

With my understanding this means something is wrong with my browser or my client side. And on server and side certificate is good setup. (Please correct me if wrong)

I am doing this on a remote ubuntu server after logging in using ssh.

When it was asked to open the .p12 by double clicking on it, I had to copy it to my local machine and mac throws this error "cannot add certificate to keychain unknown format, " So I had to convert it to other format using this command openssl pkcs12 -in CN=admin_OU=NiFi.p12 -clcerts -nokeys -out certificate.cer

and then it worked.

Still when i close my browser and open the https://localhost:18443/ it says same error 'ERR_BAD_SSL_CLIENT_AUTH_CERT'

(I am actually doing tunneling to remote server before opening the site.)

I really cannot understand what is going wrong here. Can someone please help me understand the issue and a probable fix ? Once i fix this in remote, i want to implement in Docker compose as well.

Answer 1

I had this problem: I assigned "false" to the nifi.registry.security.needClientAuth property attribute and it worked.

The documentation says about this parameter:

This specifies that connecting clients must authenticate with a client cert. Setting this to false will specify that connecting clients may optionally authenticate with a client cert, but may also login with a username and password against a configured identity provider. The default value is true.