Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

How to get Nifi invokehttp SSL works in apache nifi nodes?

avatar
Contributor

Problem: I have 3 NiFi nodes (non ambari manage cluster) and each of the nodes have their own certificate. I would like to build this flow rest-api-flow on my secured NiFi Cluster. So I referred to this article and updated the same password & name on each of the nodes.

Originally I have...
node1.jks, password=node1
node2.jks, password=node2
node3.jks, password=node3

Then renamed each of them as shared_keystore.jks with the same password 'changeit' based on this article. So now I have the same name of shared_keystore.jks with password=changeit where generated with the following command:

On node1:

keytool -storepasswd -new changeit -keystore node1.jks

keytool -keypasswd -alias [Alias name forprivate key]-keystore node1.jks

cp node1.jks shared_keystore.jks

On node2:

keytool -storepasswd -new changeit -keystore node2.jks

keytool -keypasswd -alias [Alias name forprivate key]-keystore node2.jks

cp node1.jks shared_keystore.jks

On node3:

keytool -storepasswd -new changeit -keystore node3.jks

keytool -keypasswd -alias [Alias name forprivate key]-keystore node3.jks

cp node1.jks shared_keystore.jks

Then I set SSLContextService as sslcontextservice.jpg but I still got the error as sslcontextservice2.jpg

May I know any better suggestion on this?

79383-sslcontextservice2.jpg

79382-sslcontextservice.jpg

1 ACCEPTED SOLUTION

avatar
Rising Star

Hi,

I had the same issue and after i created the SSLContextService, i had to change the property in the InvokeHttp "Always Output Response" to true and this will give you an output, in the output look for the invokehttp.remote.dn, since is a 403 error "Forbidden" it means that the dn does not have access to make this request but your SSLContextService is working.

Next step is to add the Identity that will make the https request(invokehttp.remote.dn) in NiFi User UI and run again the InvokeHTTP.

Hope this helps

View solution in original post

3 REPLIES 3

avatar
Contributor
@Matt Clarke

do you have any suggestion? Thanks in advance

avatar
Rising Star

Hi,

I had the same issue and after i created the SSLContextService, i had to change the property in the InvokeHttp "Always Output Response" to true and this will give you an output, in the output look for the invokehttp.remote.dn, since is a 403 error "Forbidden" it means that the dn does not have access to make this request but your SSLContextService is working.

Next step is to add the Identity that will make the https request(invokehttp.remote.dn) in NiFi User UI and run again the InvokeHTTP.

Hope this helps

avatar
Contributor

@Adrian Oprea Thanks for your answer. I fixed the issue already. My post above was using the same naming of xx.jks file in the share drive and not suppose in this way. I just placed each of the host's jks on local drive (node1.jks, node2.jks, node3.jks) and set 'StandardRestrictedSSLContextService' with one of them. So I used node1.jks. Worry about other nodes not recognize? No worried, nifi site to site will handle this and it worked fine for me.