nifi-dev mailing list archives

From Eduardo Fontes <eduardo.fon...@gmail.com>
Subject Help with TLS with Client Auth
Date Wed, 19 Feb 2020 10:55:40 GMT
Hi people! I'm using WindowsLogBeat (from Elastic Stack) to send Windows
events to NiFi (1.11.1) with processor ListenBeat (latest). My NiFi is a 3
node cluster under Linux with SSL. I'm trying to secure communication
between Beat and NiFi using SSL/TLS with Client Auth. I created a
RestrictedSSLContext with NiFi's Keystore and Truststore and created a
key/cert pair for the Windows machine, configured the Beat with CA certs, key
and cert of the Windows machine. The CA of NiFi's certs is the same as that of
the Windows certs.

Unfortunately, it didn't work. I got "null cert chain". So I have some
questions:

   1. How does NiFi ListenBeat with Client Auth know that a host is authorized
   to send data? Do I need to put the Windows machine cert (pub key) inside
   NiFi Truststore? (I've already done this with the same result). Do I need to
   create a "host user" on NiFi, like "CN=host, OU=NIFI" and grant some
   permissions?
   2. What am I doing wrong? Without Client Auth and only SSL the
   communication works.
