question Re: NiFi InvokeHttp processor with self-signed endpoint in Support Questions

NiFi InvokeHttp processor with self-signed endpoint

oliver — Wed, 14 Sep 2016 23:20:00 GMT

I'm trying to use InvokeHTTP to write to webhdfs via Knox (into a kerberos secured cluster). Knox is using a self-signed certificate and that is not likely to change. If I use curl with the -k param to allow self-signed certs I can successfully write to HDFS. When using InvokeHTTP though, it barfs on the self-signed cert ("unable to find valid certification path to requested target"). I'm using Apachie NiFi 1.0 (though same problem with 0.7) with HDP 2.2 cluster. Any ideas?

Re: NiFi InvokeHttp processor with self-signed endpoint

andrewg — Thu, 15 Sep 2016 00:05:55 GMT

Hi Oliver. One would need to configure SSL context and add the self-signed certificate to the keystore used by it. Take a look at https://nifi.apache.org/docs/nifi-docs/components/org.apache.nifi.ssl.StandardSSLContextService/index.html

The components which support SSL will have a controller service property to reference. You would configure all SSL details and keystores in there, to be used by other processors.

Re: NiFi InvokeHttp processor with self-signed endpoint

oliver — Thu, 15 Sep 2016 21:17:37 GMT

Thanks Andrew - didn't read deep enough into the docs.