Created 03-01-2016 09:24 AM
I am trying to use the plain HTTP endpoint of the Facebook Open Graph API, but it supports the HTTPS endpoint (authentication with access_token), so I am obliged to add the Facebook certificate to NiFi and create an SSL context. I uploaded the different certificates (PEM files) that Facebook uses, but I don't know how to configure NiFi to recognize them (how do I add them to the keystore and truststore?). Any help is appreciated.
Created 03-01-2016 07:25 PM
@nejm hadj, as I answered to your comment on the other question, it sounds like you need to complete the following steps:
$ openssl s_client -showcerts -connect graph.facebook.com:443 </dev/null
/C=US/ST=CA/L=Menlo Park/O=Facebook, Inc./CN=*.facebook.com) is issued by the DigiCert certificate (/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3), and that intermediate CA is in turn issued by the DigiCert Root CA (/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA). The Root CA is already present in the default Java cacerts truststore, located at $JAVA_HOME/jre/lib/security/cacerts. You can verify this by running the following command:
$ keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts -alias digicerthighassuranceevrootca
and comparing the SHA-1 fingerprints (also available at DigiCert's website).
PostHTTP processor to use an SSLContext which references that truststore file.
JKS
$JAVA_HOME/jre/lib/security/cacerts
changeit
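The fingerprint comparison described in the answer above, as an added Python example that is not part of the original thread: it hashes the DER bytes of a reference PEM and checks them against the `SHA1:`/`SHA256:` lines of `keytool -list -v` output. The function names are hypothetical, and the sample bytes and listing are constructed and are not a real certificate.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
FP_RE = re.compile(r"^\s*(SHA1|SHA256):\s*([0-9A-Fa-f:]+)\s*$", re.M)


def pem_to_der(text):
    """DER bytes of every CERTIFICATE block in text (e.g. -showcerts output)."""
    return [base64.b64decode("".join(b.split())) for b in PEM_RE.findall(text)]


def fingerprint(der, algo="sha1"):
    """Hash the DER bytes and format the digest the way keytool prints it."""
    h = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))


def keytool_fingerprints(listing):
    """Map 'SHA1'/'SHA256' to the values printed by `keytool -list -v`."""
    return {name: value.upper() for name, value in FP_RE.findall(listing)}


def entry_matches(listing, reference_pem):
    """True only if every fingerprint keytool printed matches the reference."""
    der = pem_to_der(reference_pem)
    found = keytool_fingerprints(listing)
    if len(der) != 1 or not found:
        return False  # ambiguous reference or nothing to compare: fail closed
    return all(fingerprint(der[0], name.lower()) == value
               for name, value in found.items())


# Constructed sample data: these bytes are NOT a real certificate.
SAMPLE_DER = b"constructed stand-in for the root CA's DER bytes"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")
SAMPLE_LISTING = (
    "Alias name: digicerthighassuranceevrootca\n"
    "Certificate fingerprints:\n"
    "\t SHA1: " + fingerprint(SAMPLE_DER) + "\n"
    "\t SHA256: " + fingerprint(SAMPLE_DER, "sha256") + "\n")

if __name__ == "__main__":
    print(entry_matches(SAMPLE_LISTING, SAMPLE_PEM))
```

In real use, the listing would be the output of the keytool command quoted above and the reference PEM would be the root certificate obtained from the CA over a separate channel.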
Created 03-01-2016 01:01 PM
Created 03-01-2016 06:49 PM
@Geoffrey Shelton Ogot, that article describes how to configure certificates, a keystore, and a truststore in order to provide NiFi as an HTTPS server, and how to configure certificates for individual users to provide client authentication. It will not assist @nejm hadj in this case.
Created 03-01-2016 07:29 PM
If I understood well, that's exactly the process nejm is trying to implement: import and add the Facebook certificate to a keystore and truststore for NiFi!
Created 03-01-2016 08:23 PM
@Geoffrey Shelton Ogot My response is too long to fit here. I've posted it as a GitHub gist.
Created 03-02-2016 05:50 AM
Created 03-02-2016 10:47 AM
Thank you @Andy LoPresto, I followed the 3rd step without adding the Facebook server certificates and it works; the PostHTTP processor can now support HTTPS requests. But your document is very useful for me to know how I can add a certificate to my truststore.
Created on 03-02-2017 06:57 AM - edited 08-19-2019 05:05 AM
I am still struggling with that. I tried to add the certificate to the truststore as well, as you mentioned in your posts; however, GetHTTP is still not working. It is showing me an error in the access token, which is working fine if I put that in the browser. I am using the template provided by GitHub. The SSL context service is also enabled.
Highly appreciate your support. Thanks.