Curl:How to handle NSS error -8156?

Question

I have secure nifi in which I have to use rest api, while invoking get request of processor like this:https://server_ip/nifi-api/processors/015d1364-f372-1e67-e201-a15d0erte56t. But, I got a certificate error. So, I decided to check is it possible to connect server from nifi, - I have used a CURL like this:

curl --verbose https://server_ip/nifi-api/processors/015d1364-f372-1e67-e201-a15d0erte56t

Answer is:

Initializing NSS with certpath: sql:/etc/pki/nssdb
 *   CAfile: /etc/pki/tls/certs/ca-bundle.crt   CApath: none
 * Issuer certificate is invalid: 
 * NSS error -8156
 * Closing connection #0
 * Peer certificate cannot be authenticated with known CA certificates 
curl: (60) Peer certificate cannot be authenticated with known CA

I want to know if there is any way I can get rid of this error without changing CA certificate?

Any advice will be helpful.

Answer 1

Your error told me, that your server_ip has incorrect certificate. You need to ask someone responsible for that server to look at the problem.

From your side, you could try to reach certificate via browser with developer tools, for example in Chrome, you could do next steps:

1. put in address https://server_ip/nifi-api/processors/015d1364-f372-1e67-e201-a15d0erte56t and press Enter key on your keyboard
2. open developer tools by pressing F12 key
3. navigate to tab Security
4. get details of current certificate by clicking on View certificate button.

After step 1, you could get a page with explanation of security error - just read it and you will get an answer.

BTW: from my point of view - using HTTPS with ip address is not a good idea.