nifi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andy LoPresto <alopre...@apache.org>
Subject Re: How to trust another certificate from within nifi flows?
Date Fri, 16 Feb 2018 04:55:50 GMT
Hi,

In order to do this, you will need to download/obtain the self-signed server certificate that
is presented by the remote service (you can do this through a tool like OpenSSL’s s_client
with the -showcerts flag) in PEM format, import it into a Java Keystore file acting as a truststore
(see commands below), and then identify that truststore using a StandardSSLContextService,
which you will reference in the InvokeHTTP processor.

If you encounter a specific error or exception, feel free to reply so we can assist more directly.

> openssl x509 -outform der -in certificate.pem -out certificate.der
> keytool -import -alias your-alias -keystore cacerts -file certificate.der



Andy LoPresto
alopresto@apache.org
alopresto.apache@gmail.com
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

> On Feb 15, 2018, at 7:39 PM, nifi-san <nairsandeepk@gmail.com> wrote:
> 
> Hello Experts,
> 
> We have a Nifi cluster without certificates or SSL implementation.
> We have a requirement to call another url/interface from the Nifi flows
> using https url since the end point is configured with SSL.
> The "https" end point uses a self signed certificate and in order to trust
> the certificate,we need to configure or point the flows on Nifi with the
> Trust certificate.
> 
> We tried the options mentioned in the links below but have not been
> successful in getting the connection to work.
> 
> http://www.tomaszezula.com/2016/11/06/using-ssl-with-nifi/
> 
> 
> Apart from Nifi ,other components such as Spark jobs running on cluster and
> even the browser are able to trust the certificates.
> 
> Any pointers would be highly appreciated!
> 
> Thanks
> 
> 
> 
> --
> Sent from: http://apache-nifi-developer-list.39713.n7.nabble.com/


Mime
View raw message