nifi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andy LoPresto <>
Subject Re: How to trust another certificate from within nifi flows?
Date Fri, 16 Feb 2018 04:55:50 GMT

In order to do this, you will need to download/obtain the self-signed server certificate that
is presented by the remote service (you can do this through a tool like OpenSSL’s s_client
with the -showcerts flag) in PEM format, import it into a Java Keystore file acting as a truststore
(see commands below), and then identify that truststore using a StandardSSLContextService,
which you will reference in the InvokeHTTP processor.

If you encounter a specific error or exception, feel free to reply so we can assist more directly.

> openssl x509 -outform der -in certificate.pem -out certificate.der
> keytool -import -alias your-alias -keystore cacerts -file certificate.der

Andy LoPresto
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

> On Feb 15, 2018, at 7:39 PM, nifi-san <> wrote:
> Hello Experts,
> We have a Nifi cluster without certificates or SSL implementation.
> We have a requirement to call another url/interface from the Nifi flows
> using https url since the end point is configured with SSL.
> The "https" end point uses a self signed certificate and in order to trust
> the certificate,we need to configure or point the flows on Nifi with the
> Trust certificate.
> We tried the options mentioned in the links below but have not been
> successful in getting the connection to work.
> Apart from Nifi ,other components such as Spark jobs running on cluster and
> even the browser are able to trust the certificates.
> Any pointers would be highly appreciated!
> Thanks
> --
> Sent from:

View raw message