Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

how to setup StandardSSLContextService:

Labels:
avatar
author-rank toandyliang
Rising Star

Created ‎03-06-2017 05:02 PM

1) I had Configured Apache NiFi SSL Authentication using the following instruction

https://www.batchiq.com/nifi-configuring-ssl-auth.html

I attached the Certificate to a web Browser and the browser is able to connect to Nifi.

2) I have Nifi connected to IBM MQ, and I know I need to configured StandardSSLContextService of JMSConnectionFactoryProvider.

3) My question is that do I need to attach the certificate to MQ? Any suggestion on how to do it?

Thanks a lot

Andy

5,478 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank bbende author-rank
Master Guru

Created ‎03-06-2017 06:57 PM

The TLS/SSL properties in nifi.properties are only used for setting up authentication to NiFi. When talking to other systems, NiFi lets you specify a SSLContextService because a lot of times the certificate and truststore you want to use for communicating with other systems is going to be different. If they are the same then you can definitely create a StandardSSLContextService and point it at the same keystore and truststore that nifi.properties is pointing at.

View solution in original post

3,927 Views
3 REPLIES 3

avatar
author-rank bbende author-rank
Master Guru

Created ‎03-06-2017 06:10 PM

Are you asking how to configure IMB MQ to use TLS/SSL? or is your IBM MQ already configured for TLS/SSL and you want to know how to get NiFi to talk to it?

For the latter, you need to configure the StandardSSLContextService with a truststore that trusts the certificate that IBM MQ is using. Basically this means that there is a certificate authority (CA) that signed a certificate that IMB MQ is using, and you need a truststore that contains the public key of the CA so NiFi will trust IMB MQ.

3,927 Views

avatar
author-rank toandyliang
Rising Star

Created ‎03-06-2017 06:51 PM

@Bryan Bende Do I have to use StandardSSLContextService to connect to IBM mq if my nifi.properties is configured with SSL Authentication for web browser? If I have to, could I use the same certificate that I created for web browser for IBM MQ (I use nifi.pfx for the web browser)?

3,927 Views
0 Kudos

avatar
author-rank bbende author-rank
Master Guru

Created ‎03-06-2017 06:57 PM

The TLS/SSL properties in nifi.properties are only used for setting up authentication to NiFi. When talking to other systems, NiFi lets you specify a SSLContextService because a lot of times the certificate and truststore you want to use for communicating with other systems is going to be different. If they are the same then you can definitely create a StandardSSLContextService and point it at the same keystore and truststore that nifi.properties is pointing at.

3,928 Views
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics 1.14 for Cloudera Pu...
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
View More Announcements