nifi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andy LoPresto <alopre...@apache.org>
Subject Re: How to run NiFi on HTTPS
Date Tue, 22 May 2018 22:46:12 GMT
Apache NiFi does not support Basic Authentication in any scenario. There are multiple options
for user authentication to the NiFi UI/API, including LDAP, Kerberos, client certificates,
Apache Knox, and OpenID Connect. More details about configuring these options are available
in the Admin Guide [1].

As for your TLS error, my guess is that there is an error with the certificate you generated.
The error “No overlapping cipher suites available” can occur when the certificate is expired
or otherwise invalid, and all the available cipher suites require an RSA key for signing or
encryption. To further debug this, you can use the OpenSSL s_client tool to attempt to make
a connection via the command line, and enable the JSSE SSL debugging via a modification to
bootstrap.conf. Once you restart, you should see additional TLS/SSL debug output in logs/nifi-bootstrap.conf.

For us to be able to offer further advice, you’ll need to provide more information, like
stacktraces from your logs, or the openssl output from examining the certificates. Images
do not come through on the list, so please copy and paste text output instead. There are other
possible explanations, such as OS-limited cipher suites available, older browser versions,
etc. but these are much less common.

Add this line to bootstrap.conf:

java.arg.15=-Djavax.net.debug=ssl,handshake

[1] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user_authentication


Andy LoPresto
alopresto@apache.org
alopresto.apache@gmail.com
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

> On May 22, 2018, at 5:53 AM, Brajendra Mishra <brajendra_mishra@persistent.com>
wrote:
> 
> Team I need to know the implementation of basic authentication with HTTPS as well.
> 
> Brajendra Mishra
> Persistent Systems Ltd.
> 
> From: Brajendra Mishra <brajendra_mishra@persistent.com>
> Sent: Tuesday, May 22, 2018 6:22 PM
> To: dev@nifi.apache.org
> Subject: How to run NiFi on HTTPS
> 
> Hi Team,
> 
> I have used tlstoolkit to create required files (nifi.properties, keystore and truststore
files) to run NiFi on HTTPS.
> I also configured successfully and ran the NiFi service correctly which show it is running
on Https protocol.
> But once I tried to see its UI I am facing following error on all browsers (IE, Firefox
and Chrome):
> 
> "Secure Connection Failed - An error occurred during a connection to localhost:9090.
Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP"
> 
> [cid:image001.png@01D3F1F9.9EC1D450]
> 
> Could you please let me know how can I see NiFi UI in this case? I have already tried
all possible options (spread on internet) to get rid this issue on browsers but no luc
> 
> 
> Brajendra Mishra
> Persistent Systems Ltd.
> 
> DISCLAIMER
> ==========
> This e-mail may contain privileged and confidential information which is the property
of Persistent Systems Ltd. It is intended only for the use of the individual or entity to
which it is addressed. If you are not the intended recipient, you are not authorized to read,
retain, copy, print, distribute or use this message. If you have received this communication
in error, please notify the sender and delete all copies of this message. Persistent Systems
Ltd. does not accept any liability for virus infected mails.


Mime
View raw message