@MattWho  Thanks for the answers ! You're right in my nifi.properties : nifi.security.needClientAuth is set to false. My version of nifi is an old one (1.9.2). I will pay more attention during my next upgrade.   My nifi and my nifi-registry are both secured. I have only added the CN of my nifi app cert into authorizers.xml file (userGroupProvider and accessPolicyProvider). ... View more

@Kielbik    You can stop version control on your Process Group in NiFi and then start version control again to recreate the flow in nifi-registry. NiFi and NiFi-registry do not offer an undo action when you inadvertently delete an item. Hope this helps, Matt ... View more

Want to add some clarity to this last comment: ListenHTTP requires 2-way TLS when enabled if a SSLContextService has been configured with a truststore.  The truststore is used to trust the client certificate presented by the client, for the purpose of authentication, connecting to this secured ListenHTTP processor.     If only a keystore and no truststore is configured in the SSLContext service, the ListenHTTP will not require that clients present a client certificate. The server certificate from the keystore will be presented to the client so the client can verify that it trusts the server (NiFI listenHTTP jetty server) that it is connecting with. ... View more

Thanks a lot Matt!! ... View more

@lueenavarro    Using a  key that has no password protection is bad security.  This is why the processor requires a password to protect that key. Adding a password to the key you were provided does not alter the key nor does it require you to obtain a new key in order to add a password. Only other option i can suggest is to use an ExecuteStreamCommand or ExecuteScript processor to to execute the SFTP command with your password-less key to put content to your SFTP server.   Hope this helps, Matt ... View more

@VijaySankar    Unfortunately with the information you have shared, it is not possible for me to validate what the issue is here. I would need to output from the openssl commands i shared earlier to help. openssl s_client -connect <server hostname>:<server port> Also the verbose listing of both your keystore and truststore files would be needed:   keytool -v -list -keystore keystore.jks keytool -v -list -keystore nifi.com.jks     The target server is what decides if connection is going to use mutual auth or not.  The invokeHTTP is the client side of this connection and only provides what the server asks for in the server hello response.   It is possible also in that server hello response that the server wants a client certificate; however, the list of CAs sent in that server hello response does not contain a CA capable of trusting your clientAuth PrivateKeyEntry in your nifi.com.jks.  In that case client would not send the client certificate since server is incapable of trusting it. Matt ... View more

Will do. Thanks. ... View more

  Hi,   I've tried to set a global variable for "Minimum Number of Entries" but it doesn't work. How did you manage to do this? I have n number of flowfiles and I need to wait for all of them to arrive at "MergeContent" processor so they can be merged. I only know the number of flowfiles at runtime so I keep updating a  counter set as a global variable, but then I tried to set the "Minimum Number of Entries" of "MergeContent" processor to that variable but it doesn't work. I don't know how long I need wait to get all the flowfiles so I can't use that either. I don't know what to do, can someone help? ... View more