Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

How to use InvokeHTTP without SSL verification

Labels:
avatar
author-rank vatodorov19
Contributor

Created ‎11-05-2020 11:09 AM

How can I use InvokeHTTP without SSL verification? I followed this article on how to import the public certificate but that cert is not CA-signed, and InvokeHTTP doesn't work. Below is the error I get.

https://community.cloudera.com/t5/Support-Questions/Is-it-possible-to-provide-options-to-InvokeHTTP-...

 

vatodorov19_1-1604603238416.png

 

In InvokeHTTP, I'm using the StandardSSLContextService with the following configs:

 

vatodorov19_2-1604603342053.png

 

 

Thanks.

Valentin

 

 

7,817 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank stevenmatison
Super Guru

Created ‎11-09-2020 04:40 AM

@vatodorov19   If the service you are connecting too is https,  there is no way to use invokeHttp without SSL Verification.   If the remote host is using a publicly signed cert, try using cacerts in your java location before trying to make keystores and truststores.   If you do make keystores and truststores from the service's public or self signed certs you will need to make sure those certs are generated following best practices. For example: using a real hostname for the service and make sure you connect to the same hostname, not an ip or "resilient.localdomain".

 

If this answer resolves your issue or allows you to move forward, please choose to ACCEPT this solution and close this topic. If you have further dialogue on this topic please comment here or feel free to private message me. If you have new questions related to your Use Case please create separate topic and feel free to tag me in your post.

 

Thanks,

Steven

View solution in original post

7,786 Views
0 Kudos
4 REPLIES 4

avatar
author-rank stevenmatison
Super Guru

Created ‎11-09-2020 04:40 AM

@vatodorov19   If the service you are connecting too is https,  there is no way to use invokeHttp without SSL Verification.   If the remote host is using a publicly signed cert, try using cacerts in your java location before trying to make keystores and truststores.   If you do make keystores and truststores from the service's public or self signed certs you will need to make sure those certs are generated following best practices. For example: using a real hostname for the service and make sure you connect to the same hostname, not an ip or "resilient.localdomain".

 

If this answer resolves your issue or allows you to move forward, please choose to ACCEPT this solution and close this topic. If you have further dialogue on this topic please comment here or feel free to private message me. If you have new questions related to your Use Case please create separate topic and feel free to tag me in your post.

 

Thanks,

Steven

7,787 Views
0 Kudos

avatar
author-rank vatodorov19
Contributor

Created ‎11-12-2020 06:55 AM

Thanks @stevenmatison

Is there a plan to add a feature to InvokeHTTP to access hosts with a self-signed cert? It is very common for organizations to deploy internal hosts with localhost.localdomain certs, that are only accessible by the IP.

7,773 Views
0 Kudos

avatar
author-rank stevenmatison
Super Guru

Created ‎11-12-2020 08:12 AM

@vatodorov19   I have used tons of self signed certs and not had issues.   Maybe you need to just adjust the method to create the self signed certs and/or the keystore and truststores based on known working nifi samples.   SSL, Certs, Keystores, Versions, and SSL Context Services each are all very finicky so getting them right can be as easy as a config change, or adjustment in the commands to kick of cert/keystore creations.

7,758 Views
0 Kudos

avatar
author-rank Althotta
Rising Star

Created ‎06-15-2022 01:23 AM

I have used invokeHTTP in 1.12 version without SSL cert and works fine, however new version 1.16 doesn't. Any settings available to ignore?. Ex: I connect to SQL server with JDBCConnection with property trustServerCertificate=true; post which it works without certifcates.

6,581 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera DataFlow 2.9 now supports building GenAI pipelines ...
What's New @ Cloudera
Accelerate Data Scientist Productivity with Cloudera Copilot...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
Community Announcements
October 2024 Community Highlights
What's New @ Cloudera
Accelerate Your AI with the Cloudera AI Inference Service wi...
View More Announcements