Created 07-27-2023 11:09 AM
Hi,
My NiFi Registry is hosted on a server and is configured using client certificates, and I have my NiFi instance hosted locally on my machine, also using client certificates.
I am encountering this issue when I try to access buckets created in NiFi Registry from my NiFi instance:
More details of NiFi client certificates:
Owner: CN=localhost, OU=NIFI
Issuer: CN=localhost, OU=NIFI
More details of NiFi Registry client certificates:
Owner: CN=<dns>, OU=NIFI
Issuer: CN=localhost, OU=NIFI
I read somewhere that the issuer of the NiFi Registry cert should be the owner of the trusted cert in NiFi's truststore, and the same is the case in my issue, but even then I can't access NiFi Registry from my NiFi instance.
Can anyone point out any technical issues or suggest where I am going wrong? Thanks
Created 07-29-2023 11:30 AM
Awaiting response.
Created 07-30-2023 11:30 PM
As far as I can tell from your error message, your problem is related to your security certificates. I am no expert here, but maybe you can wait for a response from @steven-matison.
While you do that, I strongly recommend that you go through the following two links, as they are eye-opening when it comes to working with certificates:
https://community.cloudera.com/t5/Community-Articles/NIFI-SSL-in-Modern-Versions-of-NiFi/ta-p/371937
Created 07-31-2023 08:11 AM
@Kiranq
What version of Java is your NiFi using?
Sharing the output for your NiFi-Registry configured keystore and truststore in the nifi-registry.properties file would help.
Sharing the keystore and truststore configured in your NiFi registry client would help as well.
./keytool -v -list -keystore <keystore or truststore>
You can also use openssl to see what is sent from the server (NiFi-Registry) to client (NiFi) in the initial TLS exchange.
./openssl s_client -connect <nifi-registry hostname>:<NiFi-Registry port> -showcerts
Matt
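The comparison the keytool listings above make possible, as an added example that is not part of the original thread: it reads `keytool -v -list` output from the NiFi Registry keystore and the NiFi truststore and reports whether a certificate from the server's chain is actually present in the truststore (by SHA-256 fingerprint) or whether only the Owner/Issuer names line up. The function names, the hostname `registry.example.test` and all sample output are constructed for illustration.

```python
# Added example; the keytool output below is constructed and fingerprints are shortened.
def _dn(value):
    # Normalise spacing and case so "CN=localhost,OU=NIFI" equals "CN=localhost, OU=NIFI".
    return ",".join(part.strip().lower() for part in value.split(","))

def parse_keytool(text):
    """Return one dict per certificate in `keytool -v -list` output."""
    certs, etype = [], None
    for raw in text.splitlines():
        key, _, value = (s.strip() for s in raw.partition(":"))
        if key == "Entry type":
            etype = value
        elif key == "Owner":
            certs.append({"type": etype, "owner": _dn(value)})
        elif key == "Issuer" and certs:
            certs[-1]["issuer"] = _dn(value)
        elif key == "SHA256" and certs:
            certs[-1]["sha256"] = value.upper()
    return certs

def check_trust(server_keystore, client_truststore):
    """Classify whether the client's truststore holds a cert from the server's chain."""
    chain = [c for c in parse_keytool(server_keystore) if c["type"] == "PrivateKeyEntry"]
    anchors = [c for c in parse_keytool(client_truststore) if c["type"] == "trustedCertEntry"]
    if {c.get("sha256") for c in chain} & {a["sha256"] for a in anchors if "sha256" in a}:
        return "trusted-cert-present"  # the exact certificate is in the truststore
    if {c.get("issuer") for c in chain} & {a["owner"] for a in anchors}:
        return "dn-match-only"  # same name, key unproven: still verify the signature
    return "no-match"

REGISTRY_KEYSTORE = """\
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=registry.example.test, OU=NIFI
Issuer: CN=localhost, OU=NIFI
Certificate fingerprints:
     SHA256: 11:AA:22:BB
Certificate[2]:
Owner: CN=localhost, OU=NIFI
Issuer: CN=localhost, OU=NIFI
Certificate fingerprints:
     SHA256: 33:CC:44:DD
"""
NIFI_TRUSTSTORE = """\
Entry type: trustedCertEntry
Owner: CN=localhost, OU=NIFI
Issuer: CN=localhost, OU=NIFI
Certificate fingerprints:
     SHA256: 55:EE:66:FF
"""
```

With the constructed data, `check_trust(REGISTRY_KEYSTORE, NIFI_TRUSTSTORE)` returns `dn-match-only`: the names agree but the fingerprints differ, which is what two separately generated self-signed certificates with the same DN look like.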