How to get NiFi InvokeHTTP SSL working on Apache NiFi nodes?

Contributor

Problem: I have 3 NiFi nodes (a non-Ambari-managed cluster) and each of the nodes has its own certificate. I would like to build this flow, rest-api-flow, on my secured NiFi cluster. So I referred to this article and set the same password and name on each of the nodes.

Originally I have...
node1.jks, password=node1
node2.jks, password=node2
node3.jks, password=node3

Then I renamed each of them to shared_keystore.jks with the same password 'changeit', based on this article. So now I have the same name, shared_keystore.jks, with password=changeit, generated with the following commands:

On node1:

keytool -storepasswd -new changeit -keystore node1.jks

keytool -keypasswd -alias [Alias name for private key] -keystore node1.jks

cp node1.jks shared_keystore.jks

On node2:

keytool -storepasswd -new changeit -keystore node2.jks

keytool -keypasswd -alias [Alias name for private key] -keystore node2.jks

cp node1.jks shared_keystore.jks

On node3:

keytool -storepasswd -new changeit -keystore node3.jks

keytool -keypasswd -alias [Alias name for private key] -keystore node3.jks

cp node1.jks shared_keystore.jks

Then I set up the SSLContextService as shown in sslcontextservice.jpg, but I still got the error shown in sslcontextservice2.jpg.

May I know any better suggestion on this?

79383-sslcontextservice2.jpg

79382-sslcontextservice.jpg

1 ACCEPTED SOLUTION

Rising Star

Hi,

I had the same issue, and after I created the SSLContextService, I had to change the InvokeHTTP property "Always Output Response" to true. This will give you an output; in the output, look for invokehttp.remote.dn. Since it is a 403 "Forbidden" error, it means that the DN does not have access to make this request, but your SSLContextService is working.

The next step is to add the identity that will make the HTTPS request (invokehttp.remote.dn) in the NiFi Users UI and run InvokeHTTP again.

Hope this helps

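The triage described in the answer above, as an added example that is not part of the original post: it reads the attributes InvokeHTTP writes when "Always Output Response" is true and separates a TLS failure from a 403 caused by a missing or mistyped identity. The sample attributes and identity list are constructed, and it assumes NiFi compares user identities as exact strings, so a DN that differs only in spacing or case is reported as a near miss.

```python
# Added example (not from the original post). All sample values are constructed.
TLS_HINTS = ("SSL", "Certificate", "CertPath")

def normalize_dn(dn):
    """Lower-case and trim each RDN. Used only to spot near misses;
    a simplification that ignores escaped commas inside values."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def triage(attrs, nifi_identities):
    """Return (verdict, detail) for one FlowFile's InvokeHTTP attributes."""
    exc = attrs.get("invokehttp.java.exception.class", "")
    if exc:
        # No HTTP response at all: keystore/truststore or network problem.
        kind = "tls-failure" if any(h in exc for h in TLS_HINTS) else "transport-failure"
        return (kind, exc)
    code = attrs.get("invokehttp.status.code", "")
    dn = attrs.get("invokehttp.remote.dn", "")
    if code == "403":
        # TLS worked; the request was refused at authorization.
        if dn in nifi_identities:
            return ("identity-present-check-policies", dn)
        near = [i for i in nifi_identities if normalize_dn(i) == normalize_dn(dn)]
        if near:
            return ("identity-near-miss", near[0])
        return ("identity-missing", dn)
    if code == "401":
        return ("not-authenticated", dn)
    if code.startswith("2"):
        return ("ok", dn)
    return ("other", code)

# Constructed identities, as they might be listed in the NiFi Users UI.
SAMPLE_IDENTITIES = ["CN=admin, OU=NIFI", "CN=node1.example.com,OU=NIFI"]
# Constructed FlowFile attribute sets.
SAMPLES = [
    {"invokehttp.java.exception.class": "javax.net.ssl.SSLHandshakeException"},
    {"invokehttp.status.code": "403",
     "invokehttp.remote.dn": "CN=node1.example.com, OU=NIFI"},
    {"invokehttp.status.code": "403",
     "invokehttp.remote.dn": "CN=node2.example.com, OU=NIFI"},
    {"invokehttp.status.code": "200",
     "invokehttp.remote.dn": "CN=node1.example.com, OU=NIFI"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage(sample, SAMPLE_IDENTITIES))
```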

3 REPLIES 3

Contributor
@Matt Clarke

Do you have any suggestions? Thanks in advance.

Contributor

@Adrian Oprea Thanks for your answer. I fixed the issue already. My post above was using the same name for the xx.jks file on the shared drive, and it is not supposed to be done this way. I just placed each host's JKS on its local drive (node1.jks, node2.jks, node3.jks) and set 'StandardRestrictedSSLContextService' with one of them. So I used node1.jks. Worried about the other nodes not recognizing it? No worries, NiFi site-to-site will handle this, and it worked fine for me.