Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

How to get Nifi invokehttp SSL works in apache nifi nodes?

Solved Go to solution

How to get Nifi invokehttp SSL works in apache nifi nodes?

New Contributor

Problem: I have 3 NiFi nodes (non ambari manage cluster) and each of the nodes have their own certificate. I would like to build this flow rest-api-flow on my secured NiFi Cluster. So I referred to this article and updated the same password & name on each of the nodes.

Originally I have...
node1.jks, password=node1
node2.jks, password=node2
node3.jks, password=node3

Then renamed each of them as shared_keystore.jks with the same password 'changeit' based on this article. So now I have the same name of shared_keystore.jks with password=changeit where generated with the following command:

On node1:

keytool -storepasswd -new changeit -keystore node1.jks

keytool -keypasswd -alias [Alias name forprivate key]-keystore node1.jks

cp node1.jks shared_keystore.jks

On node2:

keytool -storepasswd -new changeit -keystore node2.jks

keytool -keypasswd -alias [Alias name forprivate key]-keystore node2.jks

cp node1.jks shared_keystore.jks

On node3:

keytool -storepasswd -new changeit -keystore node3.jks

keytool -keypasswd -alias [Alias name forprivate key]-keystore node3.jks

cp node1.jks shared_keystore.jks

Then I set SSLContextService as sslcontextservice.jpg but I still got the error as sslcontextservice2.jpg

May I know any better suggestion on this?

79383-sslcontextservice2.jpg

79382-sslcontextservice.jpg

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: How to get Nifi invokehttp SSL works in apache nifi nodes?

Contributor

Hi,

I had the same issue and after i created the SSLContextService, i had to change the property in the InvokeHttp "Always Output Response" to true and this will give you an output, in the output look for the invokehttp.remote.dn, since is a 403 error "Forbidden" it means that the dn does not have access to make this request but your SSLContextService is working.

Next step is to add the Identity that will make the https request(invokehttp.remote.dn) in NiFi User UI and run again the InvokeHTTP.

Hope this helps

3 REPLIES 3

Re: How to get Nifi invokehttp SSL works in apache nifi nodes?

New Contributor
@Matt Clarke

do you have any suggestion? Thanks in advance

Highlighted

Re: How to get Nifi invokehttp SSL works in apache nifi nodes?

Contributor

Hi,

I had the same issue and after i created the SSLContextService, i had to change the property in the InvokeHttp "Always Output Response" to true and this will give you an output, in the output look for the invokehttp.remote.dn, since is a 403 error "Forbidden" it means that the dn does not have access to make this request but your SSLContextService is working.

Next step is to add the Identity that will make the https request(invokehttp.remote.dn) in NiFi User UI and run again the InvokeHTTP.

Hope this helps

Re: How to get Nifi invokehttp SSL works in apache nifi nodes?

New Contributor

@Adrian Oprea Thanks for your answer. I fixed the issue already. My post above was using the same naming of xx.jks file in the share drive and not suppose in this way. I just placed each of the host's jks on local drive (node1.jks, node2.jks, node3.jks) and set 'StandardRestrictedSSLContextService' with one of them. So I used node1.jks. Worry about other nodes not recognize? No worried, nifi site to site will handle this and it worked fine for me.

Don't have an account?
Coming from Hortonworks? Activate your account here