Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

How to get Nifi invokehttp SSL works in apache nifi nodes?

avatar
Contributor

Problem: I have 3 NiFi nodes (non ambari manage cluster) and each of the nodes have their own certificate. I would like to build this flow rest-api-flow on my secured NiFi Cluster. So I referred to this article and updated the same password & name on each of the nodes.

Originally I have...
node1.jks, password=node1
node2.jks, password=node2
node3.jks, password=node3

Then renamed each of them as shared_keystore.jks with the same password 'changeit' based on this article. So now I have the same name of shared_keystore.jks with password=changeit where generated with the following command:

On node1:

keytool -storepasswd -new changeit -keystore node1.jks

keytool -keypasswd -alias [Alias name forprivate key]-keystore node1.jks

cp node1.jks shared_keystore.jks

On node2:

keytool -storepasswd -new changeit -keystore node2.jks

keytool -keypasswd -alias [Alias name forprivate key]-keystore node2.jks

cp node1.jks shared_keystore.jks

On node3:

keytool -storepasswd -new changeit -keystore node3.jks

keytool -keypasswd -alias [Alias name forprivate key]-keystore node3.jks

cp node1.jks shared_keystore.jks

Then I set SSLContextService as sslcontextservice.jpg but I still got the error as sslcontextservice2.jpg

May I know any better suggestion on this?

79383-sslcontextservice2.jpg

79382-sslcontextservice.jpg

1 ACCEPTED SOLUTION

avatar
Rising Star
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login
3 REPLIES 3

avatar
Contributor
@Matt Clarke

do you have any suggestion? Thanks in advance

avatar
Rising Star
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login

avatar
Contributor

@Adrian Oprea Thanks for your answer. I fixed the issue already. My post above was using the same naming of xx.jks file in the share drive and not suppose in this way. I just placed each of the host's jks on local drive (node1.jks, node2.jks, node3.jks) and set 'StandardRestrictedSSLContextService' with one of them. So I used node1.jks. Worry about other nodes not recognize? No worried, nifi site to site will handle this and it worked fine for me.