nifi-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Srinivasan <james.sriniva...@gmail.com>
Subject Re: GetHTTP 403:Forbidden
Date Thu, 12 Oct 2017 12:29:35 GMT
I might've been wrong about the certificate issue, since the server is
returning a 403. What happens if you omit --insecure from the curl
command? Might the server be doing something funky e.g. looking at the
user agent string?

I suspect the equivalent of --insecure requires recompiling the
processor and is almost certainly not the right thing to do.

On 12 October 2017 at 13:13, Jones, Patrick L. <plj@mitre.org> wrote:
> Thanks for the reply.
>
>         I did not generate the certs myself, they were generated by a third party.  As
I said the only way I can access the site is with curl and --insecure.  Does anyone know of
a way in NIFI to do the equivalence of "--insecure" ?  The curl that works is:
> curl --noproxy "*" --insecure --cacert ./ca.pem --cert ./c_cert.pem --key  ./c_key.pem
  https://xxx.mitre.org/xx/xx
>
> thank you
>
>
> Pat
>
>
> -----Original Message-----
> From: James Srinivasan [mailto:james.srinivasan@gmail.com]
> Sent: Wednesday, October 11, 2017 4:15 PM
> To: users@nifi.apache.org
> Subject: Re: GetHTTP 403:Forbidden
>
> Hi,
>
> Doesn't sound like you have the certs set up correctly since --insecure for curl skips
certificate validation. I'm not aware of a similar option for NiFi, but assuming you generated
the certificate yourself, searching for something like "java https self signed web"
> should help. If the certificate was generated by a third party, then make sure the appropriate
intermediate and root certificates are also in your store.
>
> James
>
> On 11 October 2017 at 20:37, pat <plj@mitre.org> wrote:
>> Greetings,
>>
>>   I am using GetHTTP to call
>>     https://xxx.mitre.org/xx/xx
>>
>> I have set up the StandardSSLContextService with my certs
>>
>> When GetHTTP runs I get the error:
>>  [Timer-Driven Process Thread-6] o.a.nifi.processors.standard.GetHTTP
>> GetHTTP[id=015e1160-a849-126f-0306-deadef9b45f3] received status code
>> 403:Forbidden from https://xxx.mitre.org/xx/xx
>>
>> I can reach the site via firefox if I add a security exception.
>> I can also reach the site with curl like:
>> curl --noproxy "*" --insecure --cacert .ca.pem --cert .c_cert.pem --key
>> ./c_key.pem   https://xxx.mitre.org/xx/xx
>>
>> I assume the problem is that I don't know how to have NIFI do
>> something like the "--insecure" options.
>> Is there a way to do this in NIFI (or a work around)
>>
>> thank you
>>
>>
>>
>> --
>> Sent from: http://apache-nifi-users-list.2361937.n4.nabble.com/

Mime
View raw message