Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

how to setup StandardSSLContextService:

Labels:
avatar
author-rank toandyliang
Rising Star

Created ‎03-06-2017 05:02 PM

1) I had Configured Apache NiFi SSL Authentication using the following instruction

https://www.batchiq.com/nifi-configuring-ssl-auth.html

I attached the Certificate to a web Browser and the browser is able to connect to Nifi.

2) I have Nifi connected to IBM MQ, and I know I need to configured StandardSSLContextService of JMSConnectionFactoryProvider.

3) My question is that do I need to attach the certificate to MQ? Any suggestion on how to do it?

Thanks a lot

Andy

4,958 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank bbende author-rank
Master Guru

Created ‎03-06-2017 06:57 PM

The TLS/SSL properties in nifi.properties are only used for setting up authentication to NiFi. When talking to other systems, NiFi lets you specify a SSLContextService because a lot of times the certificate and truststore you want to use for communicating with other systems is going to be different. If they are the same then you can definitely create a StandardSSLContextService and point it at the same keystore and truststore that nifi.properties is pointing at.

View solution in original post

3,407 Views
3 REPLIES 3

avatar
author-rank bbende author-rank
Master Guru

Created ‎03-06-2017 06:10 PM

Are you asking how to configure IMB MQ to use TLS/SSL? or is your IBM MQ already configured for TLS/SSL and you want to know how to get NiFi to talk to it?

For the latter, you need to configure the StandardSSLContextService with a truststore that trusts the certificate that IBM MQ is using. Basically this means that there is a certificate authority (CA) that signed a certificate that IMB MQ is using, and you need a truststore that contains the public key of the CA so NiFi will trust IMB MQ.

3,407 Views

avatar
author-rank toandyliang
Rising Star

Created ‎03-06-2017 06:51 PM

@Bryan Bende Do I have to use StandardSSLContextService to connect to IBM mq if my nifi.properties is configured with SSL Authentication for web browser? If I have to, could I use the same certificate that I created for web browser for IBM MQ (I use nifi.pfx for the web browser)?

3,407 Views
0 Kudos

avatar
author-rank bbende author-rank
Master Guru

Created ‎03-06-2017 06:57 PM

The TLS/SSL properties in nifi.properties are only used for setting up authentication to NiFi. When talking to other systems, NiFi lets you specify a SSLContextService because a lot of times the certificate and truststore you want to use for communicating with other systems is going to be different. If they are the same then you can definitely create a StandardSSLContextService and point it at the same keystore and truststore that nifi.properties is pointing at.

3,408 Views
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements