nifi-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aldrin Piri <aldrinp...@gmail.com>
Subject Re: Nifi GetHttp https endpoint keystore password error
Date Fri, 06 Nov 2015 04:07:05 GMT
You would want this just for the truststore.  The keystore comes into play
when you are looking at doing two-way or mutual SSL.

In your case, and please correct me if I am wrong, you are just looking to
access content from an HTTPS site that is publicly available (like
https://www.google.com/).  The truststore just provides a way of vetting
the specified endpoint as being as anticipated.

On Thu, Nov 5, 2015 at 10:57 PM, M Singh <mans2singh@yahoo.com> wrote:

> Hi Aldrin:
>
> The password was the issue as you mentioned and that resolved my issue.
>
> I filled the same info for both keystore and truststore but am not sure if
> both are required.  Would it help to have some documentation on whether
> keystore or truststore or both are required and how to trouble shoot the
> store type and protocol misconfiguration issue.
>
> Thanks again for your help.
>
> Mans
>
>
>
> On Thursday, November 5, 2015 3:58 PM, Aldrin Piri <aldrinpiri@gmail.com>
> wrote:
>
>
> Hi Mans,
>
> Quite all right and SSL can be a bit overwhelming for those not familiar.
>
> We had a user with similar issues as you, please check out the associated
> thread here:
> https://mail-archives.apache.org/mod_mbox/nifi-users/201509.mbox/%3CEB8BF379-164B-49D0-82B5-7043F2891FC1@gmail.com%3E
>
> In summary and with the assumption you are just trying to access a public
> HTTPS site, you should be able to configure the truststore with the path as
> you expected, but the password is "changeit" by default and not your
> password.
>
> Let us know if you are still experiencing issues.
>
> For the rest of the community, this is something we need to make easier
> and more obvious whether it is merely documentation or other mechanism
> within the UI itself.
>
> Thanks!
>
> On Thu, Nov 5, 2015 at 6:51 PM, M Singh <mans2singh@yahoo.com> wrote:
>
> Hi:
>
> I am trying to access a https endpoint using GetHttp processor and being a
> newbie am having trouble.  I am on a Mac with Java 1.8 and nifi version
> 0.3.1-SNAPSHOT.
>
> In the GetHttp properties - when I set the url to the https endpoint
> without any other setting, I get an error that no ssl context has been
> specified.
>
> On setting the ssl context to StandardSSLContextService - I get a arrow
> icon to set the properties of the SSL controller.  I am not sure what
> values are required for this dialog box (Keystore file, password, type,
> Truststore file, password, type and ssl protocol).  I've tried tls and
> pointing the keystore and truststore files to
> $JAVA_HOME/Contents/Home/jre/lib/security/cacerts with type jks and my
> password but i get an error indicating that the keystore password is
> invalid.
>
> This is the first time I am dealing with keystore/truststores so am
> definitely missing something basic, but if anyone has any pointers to how
> to I can resolve this, please let me know.
>
> Thanks.
>
>
>
>
>

Mime
View raw message