Posted to users@nifi.apache.org by "Vincent, Mike" <mv...@mitre.org> on 2019/01/30 19:16:27 UTC

SSL Mutual Authentication with PutS3Object

A bit of a strange request because we have a unique situation.  Trying to move files up to an S3 bucket and the pipeline I’ve created works fine ending in PutS3Object and the files show up in the bucket.  Moving to our production environment, we’ll be behind a gateway that we’ll need to do a mutual client / server SSL authentication.  Example:

https://www.naschenweng.info/2018/02/01/java-mutual-ssl-authentication-2-way-ssl-authentication/

The test code works fine against a test server with test certs and keys.

Now the question – there is no “SSL mutual authentication” option in PutS3Object processor.  Can I create a mutually authenticated SSL session and pass that context to the PutS3Object (doesn’t seem so) or some other approach?  Currently, I’m thinking my only path is to write a new PutS3Object-MA (where MA = mutual authentication) that provides properties in configure for the cert and key file and creates the appropriate SSL context for the underlying HTTPS connection.  I’m thinking that’s no small feat for a novice Java programmer?

Cheers,

Michael J. Vincent
Lead Network Systems Engineer | The MITRE Corporation | Network Technology & Security (T864) | +1 (781) 271-8381

Re: SSL Mutual Authentication with PutS3Object

Posted by Michael Moser <mo...@gmail.com>.
Hello Michael,

The PutS3Object processor has an SSL Context Service property which would
be used to create SSL connections.  You would configure one of those with
your certs and keys.  Since you are behind a gateway, which likely acts as
a proxy, you might need to look into the proxy related properties of
the PutS3Object processor, too.

That should work for you, but if not, then I would look into using the S3
REST API with a NiFi InvokeHTTP processor.  InvokeHTTP can definitely do
mutual auth SSL, and the S3 REST API is well documented by AWS.

Regards,
-- Mike



On Wed, Jan 30, 2019 at 2:34 PM Vincent, Mike <mv...@mitre.org> wrote:

> A bit of a strange request because we have a unique situation.  Trying to
> move files up to an S3 bucket and the pipeline I’ve created works fine
> ending in PutS3Object and the files show up in the bucket.  Moving to our
> production environment, we’ll be behind a gateway that we’ll need to do a
> mutual client / server SSL authentication.  Example:
>
> https://www.naschenweng.info/2018/02/01/java-mutual-ssl-authentication-2-way-ssl-authentication/
>
> The test code works fine against a test server with test certs and keys.
>
> Now the question – there is no “SSL mutual authentication” option in
> PutS3Object processor.  Can I create a mutually authenticated SSL session
> and pass that context to the PutS3Object (doesn’t seem so) or some other
> approach?  Currently, I’m thinking my only path is to write a new
> PutS3Object-MA (where MA = mutual authentication) that provides properties
> in configure for the cert and key file and creates the appropriate SSL
> context for the underlying HTTPS connection.  I’m thinking that’s no small
> feat for a novice Java programmer?
>
> Cheers,
>
> Michael J. Vincent
>
> Lead Network Systems Engineer | The MITRE Corporation | Network Technology
> & Security (T864) | +1 (781) 271-8381
>
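
A Java check of the client side of the mutual authentication discussed in this thread, added here as an example (not code from either poster or from NiFi): it builds an SSL context from a PKCS12 keystore and truststore, connects through it, and reports whether a client certificate was actually presented in the handshake. The class name, the argument order, and the KEYSTORE_PASSWORD / TRUSTSTORE_PASSWORD environment variables are assumptions.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;
import javax.net.ssl.*;

public class MutualTlsCheck {
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        return ks;
    }

    // True if the store holds at least one private key entry. A keystore with only
    // certificates loads without error but gives the client nothing to authenticate with.
    static boolean hasPrivateKey(KeyStore ks) throws Exception {
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: <client.p12> <truststore.p12> <https URL behind the gateway>
        // Passwords are read from hypothetical environment variables (both must be set).
        char[] keyPass = System.getenv("KEYSTORE_PASSWORD").toCharArray();
        char[] trustPass = System.getenv("TRUSTSTORE_PASSWORD").toCharArray();
        KeyStore keyStore = load(args[0], keyPass);
        if (!hasPrivateKey(keyStore)) throw new IllegalStateException("no private key in " + args[0]);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPass);             // client certificate and private key
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(args[1], trustPass));      // CAs trusted to sign the gateway's certificate
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[2]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        conn.connect();                          // performs the TLS handshake
        // getLocalCertificates() is null when no client certificate was sent.
        Certificate[] sent = conn.getLocalCertificates();
        System.out.println(sent == null ? "client certificate NOT sent" : "client certificate sent");
        System.out.println("HTTP " + conn.getResponseCode());
    }
}
```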