nifi-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James McMahon <jsmcmah...@gmail.com>
Subject Re: No Response from NiFi to Http POST Request
Date Mon, 20 Feb 2017 18:59:30 GMT
This sounds like it could be the problem Andy. Thank you very much for the
insights. First thing early tomorrow when I am back at site I will try this
and see if I can establish a connection from Python and send a response.
-Jim

On Fri, Feb 17, 2017 at 7:52 PM, Andy LoPresto <alopresto@apache.org> wrote:

> Jim,
>
> In the curl command, do you use the “-i”/“—insecure” flag? The issue
> sounds like one where Python does not trust the NiFi server certificate
> presented when it attempts to make the connection. “No Authentication” in
> the Client Authentication setting means that NiFi is not enforcing the
> presence of a client certificate (one presented by Python), but it is still
> presenting one if you configured the StandardSSLContextService with a
> keystore. If NiFi is presenting a cert and using TLS, it won’t accept
> incoming connections on plain HTTP. You’ll have to tell Python to trust
> that specific certificate or the signer [1]. Luckily it looks pretty simple
> to provide it the PEM-encoded public certificate directly in the code to
> make the request.
>
> Perhaps this crude drawing will help:
>
>
> [1] http://stackoverflow.com/a/30405947/70465
> [2] http://security.stackexchange.com/a/20847/16485
>
> Andy LoPresto
> alopresto@apache.org
> *alopresto.apache@gmail.com <alopresto.apache@gmail.com>*
> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69
>
> On Feb 16, 2017, at 11:27 AM, James McMahon <jsmcmahon3@gmail.com> wrote:
>
> I am unable to get a response from my NiFi server HandleHttpRequest
> processor when I issue a POST from Python code on a remote box. I suspect
> my configuration of certs is somehow missing a vital piece of the puzzle,
> though that seems contrary to my configuration of HandleHttpRequest (No
> Authentication in parm Client Authentication). From the calling program
> window all we see is a message that we have made an unverified https
> request.
> My HandleHttpRequest processor is configured with No Authentication in
> parm Client Authentication. I assumed that this meant no client cert is
> required for a posting program to post, but now I suspect that I am wrong
> about that.
> I do include in the config for this processor an SSL Context Service,
> StandarSSLContextService. The service is Enabled. The service configuration
> references my keystore and truststore.
> Currently we are executing the python program as user root on the remote
> server. We are not including any cert reference in our POST call.
> What is lacking in my configuration?
> We are able to get a response back from the NiFi server when we issue the
> POST via a curl command. Thanks in advance for your help. -Jim
>
>
>

Mime
View raw message