Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Not valid SSL Certificate

avatar
New Contributor

Hello, I could use some help...

 

I'm using GetHTTP and InvokeHTTP processors for reading certain indices in a elasticsearch database. The URL to this database is a HTTPS, my question is the following: Is it possible to run these processors leaving the SSL Context Service property as "No value" when you insert in the URL property a HTTPs?

 

If I do this I get the following error (InvokeHTTP processor):

 
InvokeHTTP[id=0e07115a-102e-1182-be33-467ed7f3f784] Yielding processor due to exception encountered as a source processor: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
- Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
- Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target: {}

 

If I run a GET to this URL in postman with "Enable SSL certificate verification"=OFF it works. However, taking a look at the error It looks like Nifi requires the SSL certificate. 

 

The problem is that if I download the certificate and import it as a trusted certificate in the KeyStore Explorer and use the SSL Context Service property I get the following error in Nifi:

 

InvokeHTTP[id=01821018-0e07-1153-5966-62a9d2f5c98e] Yielding processor due to exception encountered as a source processor: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
- Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
- Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target: {}

 

This might be because the site is not safe and the downloaded certificate is not valid. I get the following alert when I introduce the URL in my search engine: Not trusted certificate.

 

Angelvillar_1-1661431638958.png

 

 Is there any way to solve this problem? How can I perform a GET in Nifi to an HTTPs without the SSL certificate?

 

Many thanks in advance for the help.

 

 

2 REPLIES 2

avatar
New Contributor

The security overview of the page is the following:

Angelvillar_0-1661513634138.png

 

I would really appreciate some help

avatar

@Angelvillar I would recommend that you create a SSL Context Service using javas cacerts as the keystore and truststore.   If that doesnt work,  THEN, try to make your own with the certs from the ELK server.

 

Here is a similar post with a lot more details of how that looks with cacerts and details for alternative custom keystore/trustore.

 

 

https://community.cloudera.com/t5/Support-Questions/Configure-StandardSSLContextService-for-Elastics...