Thanks Matt. Where the flow file will be created to give to fetch processor. In my scenario , avro files will be created in subdirectories. I saw listhdfs supports hdfs.But i am not able to connect the listhdfs processor to fetch processor ... View more

@MattWho  Thanks for the answers ! You're right in my nifi.properties : nifi.security.needClientAuth is set to false. My version of nifi is an old one (1.9.2). I will pay more attention during my next upgrade.   My nifi and my nifi-registry are both secured. I have only added the CN of my nifi app cert into authorizers.xml file (userGroupProvider and accessPolicyProvider). ... View more

@Kielbik    You can stop version control on your Process Group in NiFi and then start version control again to recreate the flow in nifi-registry. NiFi and NiFi-registry do not offer an undo action when you inadvertently delete an item. Hope this helps, Matt ... View more

Want to add some clarity to this last comment: ListenHTTP requires 2-way TLS when enabled if a SSLContextService has been configured with a truststore.  The truststore is used to trust the client certificate presented by the client, for the purpose of authentication, connecting to this secured ListenHTTP processor.     If only a keystore and no truststore is configured in the SSLContext service, the ListenHTTP will not require that clients present a client certificate. The server certificate from the keystore will be presented to the client so the client can verify that it trusts the server (NiFI listenHTTP jetty server) that it is connecting with. ... View more

Thanks a lot Matt!! ... View more

@lueenavarro    Using a  key that has no password protection is bad security.  This is why the processor requires a password to protect that key. Adding a password to the key you were provided does not alter the key nor does it require you to obtain a new key in order to add a password. Only other option i can suggest is to use an ExecuteStreamCommand or ExecuteScript processor to to execute the SFTP command with your password-less key to put content to your SFTP server.   Hope this helps, Matt ... View more

@VijaySankar    Unfortunately with the information you have shared, it is not possible for me to validate what the issue is here. I would need to output from the openssl commands i shared earlier to help. openssl s_client -connect <server hostname>:<server port> Also the verbose listing of both your keystore and truststore files would be needed:   keytool -v -list -keystore keystore.jks keytool -v -list -keystore nifi.com.jks     The target server is what decides if connection is going to use mutual auth or not.  The invokeHTTP is the client side of this connection and only provides what the server asks for in the server hello response.   It is possible also in that server hello response that the server wants a client certificate; however, the list of CAs sent in that server hello response does not contain a CA capable of trusting your clientAuth PrivateKeyEntry in your nifi.com.jks.  In that case client would not send the client certificate since server is incapable of trusting it. Matt ... View more

Will do. Thanks. ... View more