question Encrypt data in transit in Nifi using HandleHttpRequest in Support Questions

Encrypt data in transit in Nifi using HandleHttpRequest

Boenu — Mon, 23 Dec 2019 14:25:53 GMT

Raw data will be transferred from the source through an HandleHttpRequest. How can I encrypt in motion this traffic?

Re: Encrypt data in transit in Nifi using HandleHttpRequest

stevenmatison — Mon, 23 Dec 2019 17:45:19 GMT

You will need to send the raw data to NiFi HandleHTTPRequest using https protocol. This will require that NIFI be secured (per required documentation). If your source is secure also, the HandleHTTPRequest should be configured using an SSLContextService with a keystore and truststore containing the certs for the source.

Re: Encrypt data in transit in Nifi using HandleHttpRequest

MattWho — Mon, 23 Dec 2019 17:51:49 GMT

@Boenu

You will need to configure your HandleHttpRequest processor with a SSL Context Service in order to encrypt data in transit being sent to this processor from a client. This of course then means you client needs to be able to at a minimum to trust the server certificate presented by this SSL context service in the TLS handshake. The truststore you use in the NiFi SSL Context Service will only need to contain the public cert for your client or complete certificate trust chain for your client if you have configured your HandleHttpRequest processor to "Need authentication" in the Client Authentication property. Mutual Authentication is not needed to ensure encryption of data in transit.

Hope this helps,

Matt