Support Questions

Find answers, ask questions, and share your expertise

how to setup StandardSSLContextService:

avatar
Rising Star

1) I had Configured Apache NiFi SSL Authentication using the following instruction

https://www.batchiq.com/nifi-configuring-ssl-auth.html

I attached the Certificate to a web Browser and the browser is able to connect to Nifi.

2) I have Nifi connected to IBM MQ, and I know I need to configured StandardSSLContextService of JMSConnectionFactoryProvider.

3) My question is that do I need to attach the certificate to MQ? Any suggestion on how to do it?

Thanks a lot

Andy

1 ACCEPTED SOLUTION

avatar
Master Guru

The TLS/SSL properties in nifi.properties are only used for setting up authentication to NiFi. When talking to other systems, NiFi lets you specify a SSLContextService because a lot of times the certificate and truststore you want to use for communicating with other systems is going to be different. If they are the same then you can definitely create a StandardSSLContextService and point it at the same keystore and truststore that nifi.properties is pointing at.

View solution in original post

3 REPLIES 3

avatar
Master Guru

Are you asking how to configure IMB MQ to use TLS/SSL? or is your IBM MQ already configured for TLS/SSL and you want to know how to get NiFi to talk to it?

For the latter, you need to configure the StandardSSLContextService with a truststore that trusts the certificate that IBM MQ is using. Basically this means that there is a certificate authority (CA) that signed a certificate that IMB MQ is using, and you need a truststore that contains the public key of the CA so NiFi will trust IMB MQ.

avatar
Rising Star

@Bryan Bende Do I have to use StandardSSLContextService to connect to IBM mq if my nifi.properties is configured with SSL Authentication for web browser? If I have to, could I use the same certificate that I created for web browser for IBM MQ (I use nifi.pfx for the web browser)?

avatar
Master Guru

The TLS/SSL properties in nifi.properties are only used for setting up authentication to NiFi. When talking to other systems, NiFi lets you specify a SSLContextService because a lot of times the certificate and truststore you want to use for communicating with other systems is going to be different. If they are the same then you can definitely create a StandardSSLContextService and point it at the same keystore and truststore that nifi.properties is pointing at.