Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

Encrypt data in transit in Nifi using HandleHttpRequest

Labels:
avatar
author-rank Boenu
New Contributor

Created on ‎12-23-2019 12:57 AM - last edited on ‎12-23-2019 06:25 AM by Community Manager Community Manager

Raw data will be transferred from the source through an  HandleHttpRequest. How can I encrypt in motion this traffic?

995 Views
0 Kudos
2 ACCEPTED SOLUTIONS

avatar
author-rank stevenmatison
Super Guru

Created ‎12-23-2019 09:45 AM

You will need to send the raw data to NiFi HandleHTTPRequest using https protocol.  This will require that NIFI be secured (per required documentation).  If your source is secure also, the HandleHTTPRequest should be configured using an SSLContextService with a keystore and truststore containing the certs for the source.

View solution in original post

968 Views
0 Kudos

avatar
author-rank MattWho author-rank
Super Mentor

Created on ‎12-23-2019 09:48 AM - edited ‎12-23-2019 09:51 AM

@Boenu 

 

You will need to configure your HandleHttpRequest processor with a SSL Context Service in order to encrypt data in transit being sent to this processor from a client.  This of course then means you client needs to be able to at a minimum to trust the server certificate presented by this SSL context service in the TLS handshake.  The truststore you use in the NiFi SSL Context Service will only need to contain the public cert for your client or complete certificate trust chain for your client if you have configured your HandleHttpRequest processor to "Need authentication" in the Client Authentication property.  Mutual Authentication is not needed to ensure encryption of data in transit.  

Hope this helps,

Matt

View solution in original post

967 Views
0 Kudos
2 REPLIES 2

avatar
author-rank stevenmatison
Super Guru

Created ‎12-23-2019 09:45 AM

You will need to send the raw data to NiFi HandleHTTPRequest using https protocol.  This will require that NIFI be secured (per required documentation).  If your source is secure also, the HandleHTTPRequest should be configured using an SSLContextService with a keystore and truststore containing the certs for the source.

969 Views
0 Kudos

avatar
author-rank MattWho author-rank
Super Mentor

Created on ‎12-23-2019 09:48 AM - edited ‎12-23-2019 09:51 AM

@Boenu 

 

You will need to configure your HandleHttpRequest processor with a SSL Context Service in order to encrypt data in transit being sent to this processor from a client.  This of course then means you client needs to be able to at a minimum to trust the server certificate presented by this SSL context service in the TLS handshake.  The truststore you use in the NiFi SSL Context Service will only need to contain the public cert for your client or complete certificate trust chain for your client if you have configured your HandleHttpRequest processor to "Need authentication" in the Client Authentication property.  Mutual Authentication is not needed to ensure encryption of data in transit.  

Hope this helps,

Matt

968 Views
0 Kudos
webinar banner
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements
meetups banner