Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Nifi setting up ListenFTP - SSL settings

avatar
Explorer

I'm having difficulty with this processor and making sure I get all the security stuff correct.

 

I've got no problem with everything downstream, but when it comes to Keystore/Truststore stuff I'm like a potato in a forgotten cellar. 

 

For now, just to test, I have this (nifi 1.15.3):

Tokolosk_0-1650880196321.png

 

Tokolosk_1-1650880234720.png

And the SSL Context:

Tokolosk_2-1650880270467.png

Where my jks was generated using (with testing values)
keytool -genkey -alias nifi-ftps -keyalg RSA -keypass MyKeyPass312 -storepass MyStorePass312 -keystore nftp.jks

 

When I log on with Filezilla it gets to this point:
Status: Connecting to my.server.ip...
Status: Using username "nifitest".
Status: Access denied
Error: Authentication failed.
Error: Critical error: Could not connect to server

 

Which I assume means the ports etc are all good and it can connect to the Processor - but I'm missing something in my SSL settings. I have tried changing FileZilla to use a key file but it only uses PPK or PEM files.

 

This is my java version:

 

sudo java -version
openjdk version "1.8.0_312"
OpenJDK Runtime Environment (build 1.8.0_312-8u312-b07-0ubuntu1~20.04-b07)
OpenJDK 64-Bit Server VM (build 25.312-b07, mixed mode)

 

3 REPLIES 3

avatar
Master Collaborator

Have you tested ListenFTP without setting SSLContextService? just to make sure supplied username and password is correct?

 

avatar
Explorer

@ckumar yes I have - the username and passwords are correct.

avatar

@Tokolosk I would recommend that you provide java's cacerts as the keystore/truststore with the default password (changeit).  This will work for most public certs.    If you have a custom cert at the SFTP end you will need to import that cert and create your own keystore/truststore.  I always try cacerts first.