nifi-dev mailing list archives

From Eduardo Fontes <eduardo.fon...@gmail.com>
Subject Re: Help with TLS with Client Auth
Date Thu, 20 Feb 2020 11:01:56 GMT
Thanks Pierre but I found the problem. It was between the monitor and the
chair. :D
My CA cert was wrong.

On Wed, Feb 19, 2020 at 4:13 PM Pierre Villard <pierre.villard.fr@gmail.com>
wrote:

> Hi Eduardo,
>
> I would first check that the ListenBeat is correctly exposing what you want
> using something like:
> openssl s_client -connect nifi-node:<ListenBeatPort>
>
> Thanks,
> Pierre
>
> On Wed, Feb 19, 2020 at 02:56, Eduardo Fontes <eduardo.fontes@gmail.com>
> wrote:
>
> > Hi people! I'm using WindowsLogBeat (from Elastic Stack) to send Windows
> > events to NiFi (1.11.1) with processor ListenBeat (latest). My NiFi is a
> > 3 node cluster under Linux with SSL. I'm trying to secure communication
> > between Beat and NiFi using SSL/TLS with Client Auth. I created a
> > RestrictedSSLContext with NiFi's Keystore and Truststore and created a
> > key/cert pair for the Windows machine, configured the Beat with CA certs,
> > key and cert of Windows machine. The CA of NiFi's certs is the same as
> > that of the Windows certs.
> > Unfortunately, it didn't work. I got "null cert chain". So I have some
> > questions:
> >
> >    1. How does NiFi ListenBeat with Client Auth know that a host is
> >    authorized to send data? Do I need to put the Windows machine cert
> >    (pub key) inside NiFi Truststore? (I've already done this with the
> >    same result). Do I need to create a "host user" on NiFi, like
> >    "CN=host, OU=NIFI" and grant some permissions?
> >    2. What am I doing wrong? Without Client Auth and only SSL the
> >    communication works.
> >
>
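
The check that surfaces the mistake reported in this thread, as an added example that is not part of the original messages: in mutual TLS each side accepts the peer's certificate only if it chains to a CA it trusts, so the script builds two throwaway CAs and one client certificate and shows that `openssl verify` accepts the certificate only against the CA that signed it. All file and subject names (`ca-good`, `ca-other`, `beat-host`) are constructed placeholders.

```shell
#!/usr/bin/env bash
# Constructed example: ca-good, ca-other and beat-host are placeholder names.

# make_ca DIR NAME: create a throwaway self-signed CA (NAME.key / NAME.pem).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_client DIR CA_NAME HOST: create HOST.key and HOST.pem signed by CA_NAME.
make_client() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# check_client_chain CA_FILE CERT_FILE: succeeds only if CERT_FILE chains to
# CA_FILE, i.e. a peer that trusts only CA_FILE would accept CERT_FILE.
check_client_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# key_matches_cert KEY_FILE CERT_FILE: the private key belongs to the cert.
key_matches_cert() {
    [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = \
      "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

demo() {
    dir=$(mktemp -d) || return 1
    make_ca "$dir" ca-good && make_ca "$dir" ca-other &&
        make_client "$dir" ca-good beat-host || return 1
    for ca in ca-good ca-other; do
        if check_client_chain "$dir/$ca.pem" "$dir/beat-host.pem"; then
            echo "$ca: beat-host.pem verifies"
        else
            echo "$ca: beat-host.pem does NOT verify (wrong CA for this cert)"
        fi
    done
    key_matches_cert "$dir/beat-host.key" "$dir/beat-host.pem" &&
        echo "beat-host.key matches beat-host.pem"
    rm -rf "$dir"
}

demo
```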
