Created 10-24-2016 09:36 AM
Hi all,
I'm trying to use ListenHTTP with SSL.
I've read this post: http://www.simonellistonball.com/technology/nifi-ssl-listenhttp/
But I don't know how to use the keystore from the client. Is it the same keystore as the keystore used in nifi.properties?
thanks
Created 10-24-2016 12:45 PM
Created 09-17-2019 02:42 AM
Hi Mat,
Sorry to post my question here; I'm not finding a way out.
I have configured SSL with CA-signed certs on the server. By CA-signed I mean an actual CA and not the NiFi CA.
I am using NiFi on a single machine without Ambari.
Now I want a client to authenticate and use NiFi. How do I create the client cert so that it authenticates to the CA-signed cert on the server?
Created on 10-28-2016 09:21 AM - edited 08-18-2019 06:20 AM
I've changed my Controller Service configuration but I'm running into an issue.
I've checked all truststores/keystores across the cluster; they use the same password.
Created 10-28-2016 11:14 AM
It does not look like you provided your key password.
Created 10-31-2016 08:34 AM
Now that ContextServiceSSL is enabled, do I need to generate a keystore for my client/user?
Created 10-31-2016 01:03 PM
ListenHTTP requires 2-way SSL when enabled. So the client will also need a keystore and truststore. The truststore on both your client and server will need to contain the trusted cert entry for each other's client cert. If you used the same CA for both then you should be good. If not, you will need to add the CA or trusted key entry (public key from each private key entry) to each other's truststores.
Created 02-05-2020 08:00 AM
Want to add some clarity to this last comment:
ListenHTTP requires 2-way TLS when enabled if an SSLContextService has been configured with a truststore. The truststore is used to trust the client certificate presented by the client, for the purpose of authentication, connecting to this secured ListenHTTP processor.
If only a keystore and no truststore is configured in the SSLContext service, the ListenHTTP will not require that clients present a client certificate.
The server certificate from the keystore will be presented to the client so the client can verify that it trusts the server (NiFi ListenHTTP Jetty server) that it is connecting with.
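
The keystore/truststore relationship discussed in the replies above, worked through with openssl as an added example (not part of the thread and not NiFi's own tooling): a constructed CA signs a server and a client certificate, the client gets a PKCS12 keystore, and the truststore check accepts that client while rejecting a certificate issued by an unrelated CA. All names, subjects and the password are placeholders.

```shell
#!/usr/bin/env bash
# Constructed demo: every name, subject and password below is a placeholder.
WORK=$(mktemp -d)

# make_ca <name>: self-signed CA; its certificate is what goes into a truststore.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue_cert <ca> <name>: key pair and CSR for <name>, signed by <ca>.
issue_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 30 -out "$WORK/$2.crt" 2>/dev/null
}

# make_keystore <name> <password>: PKCS12 keystore holding the private key entry
# and its certificate; this is the file the client presents from.
make_keystore() {
  openssl pkcs12 -export -inkey "$WORK/$1.key" -in "$WORK/$1.crt" \
    -name "$1" -passout "pass:$2" -out "$WORK/$1.p12"
}

# trusted_by <ca> <name>: the chain check a truststore holding <ca> applies to a
# presented certificate (server checking the client, or client checking the server).
trusted_by() {
  openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" >/dev/null 2>&1
}

make_ca demo-ca
make_ca other-ca
issue_cert demo-ca nifi-server      # server keystore entry
issue_cert demo-ca demo-client      # client keystore entry, same CA
issue_cert other-ca stranger        # client whose CA the server does not trust
make_keystore demo-client changeit

trusted_by demo-ca demo-client && echo "demo-client: accepted by a truststore holding demo-ca"
trusted_by demo-ca nifi-server && echo "nifi-server: accepted by the client's truststore"
trusted_by demo-ca stranger    || echo "stranger: rejected, its CA is not in the truststore"
```

With a single CA on both sides, one CA certificate in each truststore covers both directions; the `stranger` case is what a client sees when its issuing CA has not been added to the server's truststore.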