Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id A6F47200B44 for ; Thu, 14 Jul 2016 16:33:05 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id A5F3E160A63; Thu, 14 Jul 2016 14:33:05 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id C81F9160A60 for ; Thu, 14 Jul 2016 16:33:04 +0200 (CEST) Received: (qmail 80309 invoked by uid 500); 14 Jul 2016 14:33:03 -0000 Mailing-List: contact dev-help@nifi.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@nifi.apache.org Delivered-To: mailing list dev@nifi.apache.org Received: (qmail 80298 invoked by uid 99); 14 Jul 2016 14:33:03 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 14 Jul 2016 14:33:03 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 1CE08C05EF for ; Thu, 14 Jul 2016 14:33:03 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.28 X-Spam-Level: * X-Spam-Status: No, score=1.28 tagged_above=-999 required=6.31 tests=[HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=2, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled Received: from mx2-lw-us.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id zlwToE5gZsZE for ; Thu, 14 Jul 2016 14:33:01 +0000 (UTC) Received: from mail-qk0-f180.google.com (mail-qk0-f180.google.com [209.85.220.180]) by mx2-lw-us.apache.org (ASF Mail Server at mx2-lw-us.apache.org) with ESMTPS id C769A5FB15 for ; Thu, 14 Jul 2016 14:33:00 +0000 (UTC) Received: by mail-qk0-f180.google.com with SMTP id p74so74018029qka.0 for ; Thu, 14 Jul 2016 07:33:00 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date :message-id:references:to; bh=lK3mGnr5NBfdW5BpWQ892h9sGIV8l1vIyvMbP4T9+e4=; b=bkIasmhyia5GZvDK/YXpR6payt2kt+x0ItU557NMnAf50xAJflJtLjXoNQl/Lf6wPz FaTlhZZFcCxr0z9DN8nUry/HUJ8ckagD964yCUFoTNv3bVom9SEIMNc6exHO33GN3Eyc qhwQKQCnz+NErcQ7VaG1I8SPDRaafuOL/SXHIh5whVm3s7hDOQaj1RGhQKCAdg46ccA5 t92NuQTGR48DYRXC6CuhjZIVfiOrrA83QZ/iaaWyK+OSO+GrMvYr0i54vCPR9QtPgbTa X0znelmt8IvlpchcY9DPddRzvLiMR9TQBakRiIJ079wHisSDIQf+jAl08+O+49PEieSB On7g== X-Gm-Message-State: ALyK8tJVMYihKso7QPcsheTi8HeRLtvHW7LH0nR5CfyiV81f1pFp8OQYQyMFNS7AE+yzuA== X-Received: by 10.55.48.19 with SMTP id w19mr18119749qkw.141.1468506762392; Thu, 14 Jul 2016 07:32:42 -0700 (PDT) Received: from [10.137.0.18] (vpn-dc-184-173-166-154.hosts.getcloakvpn.com. [184.173.166.154]) by smtp.gmail.com with ESMTPSA id l32sm1119743qta.23.2016.07.14.07.32.41 for (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 14 Jul 2016 07:32:41 -0700 (PDT) Content-Type: multipart/signed; boundary="Apple-Mail=_6EEBEBDE-44AA-44DF-9EC1-365143A57780"; protocol="application/pgp-signature"; micalg=pgp-sha512 Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\)) Subject: Re: NIFI Secure Access ( Site to Site ) X-Pgp-Agent: GPGMail From: Andy LoPresto In-Reply-To: <1468497627943-12807.post@n7.nabble.com> Date: Thu, 14 Jul 2016 10:32:40 -0400 Message-Id: References: <1468050406054-12735.post@n7.nabble.com> <8EAB04D5-2E26-4649-AA16-55AF7FEE8C32@apache.org> <1468117570711-12746.post@n7.nabble.com> <1468383592814-12785.post@n7.nabble.com> <1468497627943-12807.post@n7.nabble.com> To: dev@nifi.apache.org X-Mailer: Apple Mail (2.3124) archived-at: Thu, 14 Jul 2016 14:33:05 -0000 --Apple-Mail=_6EEBEBDE-44AA-44DF-9EC1-365143A57780 Content-Type: multipart/alternative; boundary="Apple-Mail=_01E166C8-6509-4DD8-AB12-C67806A29C73" --Apple-Mail=_01E166C8-6509-4DD8-AB12-C67806A29C73 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Please check that the CN used in your certificates matches the value = used in =E2=80=9Cnifi.web.https.host=E2=80=9D and = =E2=80=9Cnifi.remote.input.host=E2=80=9D in your nifi.properties file. = The expected value will be provided in the error message you listed = below. Andy LoPresto alopresto@apache.org alopresto.apache@gmail.com PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > On Jul 14, 2016, at 8:00 AM, Vinay wrote: >=20 > Andy, >=20 > I tried the way to generate certificates mentioned by Matt and shared = by > Mathew >=20 > Try following this procedure: > = https://community.hortonworks.com/content/kbentry/17293/how-to-create-user= -generated-keys-for-securing-nif.html >=20 >=20 > Now i get HTTPS hostname wrong: should be < hostname > >=20 > 1. Both NIFI instances is been configured for site to site . > 2. Same CA was used to generate server /user certificates. >=20 > Anything Iam missing still. >=20 >=20 > Regards, > Vinay >=20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 > -- > View this message in context: = http://apache-nifi-developer-list.39713.n7.nabble.com/NIFI-Secure-Access-S= ite-to-Site-tp12735p12807.html > Sent from the Apache NiFi Developer List mailing list archive at = Nabble.com. --Apple-Mail=_01E166C8-6509-4DD8-AB12-C67806A29C73 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 Please check that the CN used in your certificates matches = the value used in =E2=80=9Cnifi.web.https.host=E2=80=9D and = =E2=80=9Cnifi.remote.input.host=E2=80=9D in your nifi.properties file. = The expected value will be provided in the error message you listed = below. 

 
Andy = LoPresto
alopresto@apache.org
alopresto.apache@gmail.com
PGP Fingerprint: 70EC = B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

On Jul 14, 2016, at 8:00 AM, Vinay <vinudev@gmail.com> = wrote:

Andy,

I tried the way to = generate certificates mentioned by Matt and shared by
Mathew

Try following this = procedure:
https://community.hortonworks.com/content/kbentry/17293/how-to-= create-user-generated-keys-for-securing-nif.html


Now i get HTTPS hostname wrong:  should = be < hostname >

1. Both NIFI = instances is been configured for site to site .
2. Same CA = was used to generate server /user certificates.

Anything Iam missing still.


Regards,
Vinay







--
View this message in = context: = http://apache-nifi-developer-list.39713.n7.nabble.com/NIFI-Secure-Access-S= ite-to-Site-tp12735p12807.html
Sent from the Apache NiFi = Developer List mailing list archive at Nabble.com.

= --Apple-Mail=_01E166C8-6509-4DD8-AB12-C67806A29C73-- --Apple-Mail=_6EEBEBDE-44AA-44DF-9EC1-365143A57780 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJXh6KJAAoJEDxu9lsvfe9pN4oP+gKRtVjT2WQ4enzxRG7P2yqu J2U/kVvfIcbe8UwNzmhB2Qav/m6MP4lIqbDdkI70POq9ob9VWcJBKK9qkWACr36R Upo8UmLswBr39xn0+hF2CtKofJfqYyeGKoKD8PP1+hX3N42zMdg9VMgn7cj46z1L Wnj2Zy1K3jQR3OaEjxJfGfQhyuJqYjUygxbaj2xYmVhyBOsKhMucLRh/rzpZrsQ8 x2g2Vf3YwRFzwiHfaMHqv2Etc1KWhTbExtHpUsH4NnGI6Xo2ShwDNsDwqUnEiO/q gjbeyZY/08HNElRlxFwN9EH9HrRhcQnkYi+0OqfMHd2aEA8oA/E4hXNPgA9EXYA9 E7mU0h0ojxz08CEJEnfnXIg8AbdNgVWaRkucTFKROosmq9X0cK8OJGDZr7pxzch/ ArX9BFzo2VO+mOZyqks6oN8vGGvZLWpWCEvu2aMrSkDp4lMDkfqK1u64ya1vkrXF ntSxT7tU+EW+6le80gbJ2NpsMpoN3iThTrPTb2vEDwFuMgV09FtHdabTnP+LTFvh afpTpeaeGD0lqy1yOOT3kRowVX4Jx73r3t0r+DVWyaCHwnGf6Lst9318Sd/W3GOk 9EJp0X0t1yQFkPx2DxNbyVqSAsaCQxTkCFiYpeuUL3KfXeZdmZ2MAeRZUIDDHOto RPdxC93gyBt2kdgC0tN2 =8a7Q -----END PGP SIGNATURE----- --Apple-Mail=_6EEBEBDE-44AA-44DF-9EC1-365143A57780--