You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@nifi.apache.org by M Singh <ma...@yahoo.com> on 2015/11/06 00:51:45 UTC

Nifi GetHttp https endpoint keystore password error

Hi:
I am trying to access a https endpoint using GetHttp processor and being a newbie am having trouble.  I am on a Mac with Java 1.8 and nifi version 0.3.1-SNAPSHOT.
In the GetHttp properties - when I set the url to the https endpoint without any other setting, I get an error that no ssl context has been specified.
On setting the ssl context to StandardSSLContextService - I get a arrow icon to set the properties of the SSL controller.  I am not sure what values are required for this dialog box (Keystore file, password, type, Truststore file, password, type and ssl protocol).  I've tried tls and pointing the keystore and truststore files to $JAVA_HOME/Contents/Home/jre/lib/security/cacerts with type jks and my password but i get an error indicating that the keystore password is invalid.  

This is the first time I am dealing with keystore/truststores so am definitely missing something basic, but if anyone has any pointers to how to I can resolve this, please let me know.
Thanks.

Re: Nifi GetHttp https endpoint keystore password error

Posted by M Singh <ma...@yahoo.com>.
Yes Aldrin, you are right, I am accessing a rest service using their https endpoint.
Thanks again for your help. 


     On Thursday, November 5, 2015 8:07 PM, Aldrin Piri <al...@gmail.com> wrote:
   

 You would want this just for the truststore.  The keystore comes into play when you are looking at doing two-way or mutual SSL. 
In your case, and please correct me if I am wrong, you are just looking to access content from an HTTPS site that is publicly available (like https://www.google.com/).  The truststore just provides a way of vetting the specified endpoint as being as anticipated.
On Thu, Nov 5, 2015 at 10:57 PM, M Singh <ma...@yahoo.com> wrote:

Hi Aldrin:
The password was the issue as you mentioned and that resolved my issue.
I filled the same info for both keystore and truststore but am not sure if both are required.  Would it help to have some documentation on whether keystore or truststore or both are required and how to trouble shoot the store type and protocol misconfiguration issue.
Thanks again for your help.
Mans 


     On Thursday, November 5, 2015 3:58 PM, Aldrin Piri <al...@gmail.com> wrote:
   

 Hi Mans,
Quite all right and SSL can be a bit overwhelming for those not familiar.
We had a user with similar issues as you, please check out the associated thread here: https://mail-archives.apache.org/mod_mbox/nifi-users/201509.mbox/%3CEB8BF379-164B-49D0-82B5-7043F2891FC1@gmail.com%3E
In summary and with the assumption you are just trying to access a public HTTPS site, you should be able to configure the truststore with the path as you expected, but the password is "changeit" by default and not your password.
Let us know if you are still experiencing issues.
For the rest of the community, this is something we need to make easier and more obvious whether it is merely documentation or other mechanism within the UI itself.
Thanks!
On Thu, Nov 5, 2015 at 6:51 PM, M Singh <ma...@yahoo.com> wrote:

Hi:
I am trying to access a https endpoint using GetHttp processor and being a newbie am having trouble.  I am on a Mac with Java 1.8 and nifi version 0.3.1-SNAPSHOT.
In the GetHttp properties - when I set the url to the https endpoint without any other setting, I get an error that no ssl context has been specified.
On setting the ssl context to StandardSSLContextService - I get a arrow icon to set the properties of the SSL controller.  I am not sure what values are required for this dialog box (Keystore file, password, type, Truststore file, password, type and ssl protocol).  I've tried tls and pointing the keystore and truststore files to $JAVA_HOME/Contents/Home/jre/lib/security/cacerts with type jks and my password but i get an error indicating that the keystore password is invalid.  

This is the first time I am dealing with keystore/truststores so am definitely missing something basic, but if anyone has any pointers to how to I can resolve this, please let me know.
Thanks.

Re: Nifi GetHttp https endpoint keystore password error

Posted by Aldrin Piri <al...@gmail.com>.
You would want this just for the truststore.  The keystore comes into play
when you are looking at doing two-way or mutual SSL.

In your case, and please correct me if I am wrong, you are just looking to
access content from an HTTPS site that is publicly available (like
https://www.google.com/).  The truststore just provides a way of vetting
the specified endpoint as being as anticipated.

On Thu, Nov 5, 2015 at 10:57 PM, M Singh <ma...@yahoo.com> wrote:

> Hi Aldrin:
>
> The password was the issue as you mentioned and that resolved my issue.
>
> I filled the same info for both keystore and truststore but am not sure if
> both are required.  Would it help to have some documentation on whether
> keystore or truststore or both are required and how to trouble shoot the
> store type and protocol misconfiguration issue.
>
> Thanks again for your help.
>
> Mans
>
>
>
> On Thursday, November 5, 2015 3:58 PM, Aldrin Piri <al...@gmail.com>
> wrote:
>
>
> Hi Mans,
>
> Quite all right and SSL can be a bit overwhelming for those not familiar.
>
> We had a user with similar issues as you, please check out the associated
> thread here:
> https://mail-archives.apache.org/mod_mbox/nifi-users/201509.mbox/%3CEB8BF379-164B-49D0-82B5-7043F2891FC1@gmail.com%3E
>
> In summary and with the assumption you are just trying to access a public
> HTTPS site, you should be able to configure the truststore with the path as
> you expected, but the password is "changeit" by default and not your
> password.
>
> Let us know if you are still experiencing issues.
>
> For the rest of the community, this is something we need to make easier
> and more obvious whether it is merely documentation or other mechanism
> within the UI itself.
>
> Thanks!
>
> On Thu, Nov 5, 2015 at 6:51 PM, M Singh <ma...@yahoo.com> wrote:
>
> Hi:
>
> I am trying to access a https endpoint using GetHttp processor and being a
> newbie am having trouble.  I am on a Mac with Java 1.8 and nifi version
> 0.3.1-SNAPSHOT.
>
> In the GetHttp properties - when I set the url to the https endpoint
> without any other setting, I get an error that no ssl context has been
> specified.
>
> On setting the ssl context to StandardSSLContextService - I get a arrow
> icon to set the properties of the SSL controller.  I am not sure what
> values are required for this dialog box (Keystore file, password, type,
> Truststore file, password, type and ssl protocol).  I've tried tls and
> pointing the keystore and truststore files to
> $JAVA_HOME/Contents/Home/jre/lib/security/cacerts with type jks and my
> password but i get an error indicating that the keystore password is
> invalid.
>
> This is the first time I am dealing with keystore/truststores so am
> definitely missing something basic, but if anyone has any pointers to how
> to I can resolve this, please let me know.
>
> Thanks.
>
>
>
>
>

Re: Nifi GetHttp https endpoint keystore password error

Posted by M Singh <ma...@yahoo.com>.
Hi Aldrin:
The password was the issue as you mentioned and that resolved my issue.
I filled the same info for both keystore and truststore but am not sure if both are required.  Would it help to have some documentation on whether keystore or truststore or both are required and how to trouble shoot the store type and protocol misconfiguration issue.
Thanks again for your help.
Mans 


     On Thursday, November 5, 2015 3:58 PM, Aldrin Piri <al...@gmail.com> wrote:
   

 Hi Mans,
Quite all right and SSL can be a bit overwhelming for those not familiar.
We had a user with similar issues as you, please check out the associated thread here: https://mail-archives.apache.org/mod_mbox/nifi-users/201509.mbox/%3CEB8BF379-164B-49D0-82B5-7043F2891FC1@gmail.com%3E
In summary and with the assumption you are just trying to access a public HTTPS site, you should be able to configure the truststore with the path as you expected, but the password is "changeit" by default and not your password.
Let us know if you are still experiencing issues.
For the rest of the community, this is something we need to make easier and more obvious whether it is merely documentation or other mechanism within the UI itself.
Thanks!
On Thu, Nov 5, 2015 at 6:51 PM, M Singh <ma...@yahoo.com> wrote:

Hi:
I am trying to access a https endpoint using GetHttp processor and being a newbie am having trouble.  I am on a Mac with Java 1.8 and nifi version 0.3.1-SNAPSHOT.
In the GetHttp properties - when I set the url to the https endpoint without any other setting, I get an error that no ssl context has been specified.
On setting the ssl context to StandardSSLContextService - I get a arrow icon to set the properties of the SSL controller.  I am not sure what values are required for this dialog box (Keystore file, password, type, Truststore file, password, type and ssl protocol).  I've tried tls and pointing the keystore and truststore files to $JAVA_HOME/Contents/Home/jre/lib/security/cacerts with type jks and my password but i get an error indicating that the keystore password is invalid.  

This is the first time I am dealing with keystore/truststores so am definitely missing something basic, but if anyone has any pointers to how to I can resolve this, please let me know.
Thanks.

Re: Nifi GetHttp https endpoint keystore password error

Posted by Aldrin Piri <al...@gmail.com>.
Hi Mans,

Quite all right and SSL can be a bit overwhelming for those not familiar.

We had a user with similar issues as you, please check out the associated
thread here:
https://mail-archives.apache.org/mod_mbox/nifi-users/201509.mbox/%3CEB8BF379-164B-49D0-82B5-7043F2891FC1@gmail.com%3E

In summary and with the assumption you are just trying to access a public
HTTPS site, you should be able to configure the truststore with the path as
you expected, but the password is "changeit" by default and not your
password.

Let us know if you are still experiencing issues.

For the rest of the community, this is something we need to make easier and
more obvious whether it is merely documentation or other mechanism within
the UI itself.

Thanks!

On Thu, Nov 5, 2015 at 6:51 PM, M Singh <ma...@yahoo.com> wrote:

> Hi:
>
> I am trying to access a https endpoint using GetHttp processor and being a
> newbie am having trouble.  I am on a Mac with Java 1.8 and nifi version
> 0.3.1-SNAPSHOT.
>
> In the GetHttp properties - when I set the url to the https endpoint
> without any other setting, I get an error that no ssl context has been
> specified.
>
> On setting the ssl context to StandardSSLContextService - I get a arrow
> icon to set the properties of the SSL controller.  I am not sure what
> values are required for this dialog box (Keystore file, password, type,
> Truststore file, password, type and ssl protocol).  I've tried tls and
> pointing the keystore and truststore files to
> $JAVA_HOME/Contents/Home/jre/lib/security/cacerts with type jks and my
> password but i get an error indicating that the keystore password is
> invalid.
>
> This is the first time I am dealing with keystore/truststores so am
> definitely missing something basic, but if anyone has any pointers to how
> to I can resolve this, please let me know.
>
> Thanks.
>