You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@nifi.apache.org by Dnyaneshwar Pawar <dn...@persistent.com> on 2019/01/16 09:10:05 UTC
QueryElasticsearchHttp processor over SSL
Hi All,
We are trying to setup connection with ElasticSearch, HTTP connections are working fine, however, the HTTPS connections fails with hostname verification failure. We know this is the certificate issue, where server is using self signed certificate's with common hostname which does not match the actual hostname.
Is there any way to pass through this situation like InvokeHTTP processor has TrustedHostname property which allow us to add the actual hostname.
Regards,
Dnyaneshwar Pawar
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Persistent Systems Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Ltd. does not accept any liability for virus infected mails.
Re: QueryElasticsearchHttp processor over SSL
Posted by Mike Thomsen <mi...@gmail.com>.
There's no need to use a self-signed certificate. You have two options for
creating good certificates with a CA (albeit not an enterprise one) without
much trouble:
1.
https://www.elastic.co/guide/en/elasticsearch/reference/current/certgen.html
2. NiFi TLS Toolkit
Both of those will give you a valid trust chain and are simple to use in
development and testing (production should always use a dedicated CA).
Mike
On Wed, Jan 16, 2019 at 4:10 AM Dnyaneshwar Pawar <
dnyaneshwar_pawar@persistent.com> wrote:
> Hi All,
>
>
>
> We are trying to setup connection with ElasticSearch, HTTP connections
> are working fine, however, the HTTPS connections fails with hostname
> verification failure. We know this is the certificate issue, where server
> is using self signed certificate’s with common hostname which does not
> match the actual hostname.
>
>
>
> Is there any way to pass through this situation like InvokeHTTP
> processor has *TrustedHostname* property which allow us to add the actual
> hostname.
>
>
>
> Regards,
>
> Dnyaneshwar Pawar
>
>
> DISCLAIMER
> ==========
> This e-mail may contain privileged and confidential information which is
> the property of Persistent Systems Ltd. It is intended only for the use of
> the individual or entity to which it is addressed. If you are not the
> intended recipient, you are not authorized to read, retain, copy, print,
> distribute or use this message. If you have received this communication in
> error, please notify the sender and delete all copies of this message.
> Persistent Systems Ltd. does not accept any liability for virus infected
> mails.
>