You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@nifi.apache.org by "Rivera Molina, Leonorelvis" <lr...@scotiabank.com.mx.INVALID> on 2022/12/28 21:20:07 UTC
setup TLS configuration
Hello I am Elvis Rivera from Scotiabank, we have a connection with NIFI and it is very urgent to do the TLS set up between my MQ Server and NIFI
I have a kesystore called key.kdb that is the name of the kesystore for the MQ manager and I was checking your documentation and I do not see anything related to the TLS connection between MQ SERVER and NIFI
Do you have any documentation or could you please provide any help as this is something very urgent since we have a vulnerability open with our Security department.
Thank you
Elvis Rivera Molina | Asesor Arquitectura Transformación GBM
Scotiabank | DGA Tecnologías de la Información
Boulevard Manuel Avila Camacho No.1
Colonia. Lomas de Chapultepec Piso1.
lriveram@scotiabank.com.mx<ma...@scotiabank.com.mx>
Aviso de Confidencialidad: Este correo electrónico y/o el material adjunto es para uso exclusivo de la persona o entidad a la que expresamente se le ha enviado, y puede contener información confidencial o material privilegiado. Si usted no es el destinatario legítimo del mismo, por favor repórtelo inmediatamente al remitente del correo y bórrelo. Cualquier revisión, retransmisión, difusión o cualquier otro uso de este correo, por personas o entidades distintas a las del destinatario legítimo, queda expresamente prohibido. Este correo electrónico no pretende ni debe ser considerado como constitutivo de ninguna relación legal, contractual o de otra índole similar.
Notice of Confidentiality: The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, re-transmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender immediately by return electronic transmission and then immediately delete this transmission, including all attachments, without copying, distributing or disclosing same.
Re: setup TLS configuration
Posted by Adam Taft <ad...@adamtaft.com>.
Elvis,
I found this document which might help give you clues to convert between
IBM MQ's "kdb" format and the traditional Java "jks" format. In principle,
it looks like you will need to export your client certificates, etc. out
from your kdb store:
https://www.ibm.com/mysupport/s/question/0D50z000062l4HICAY/how-do-i-configure-ssl-tls-between-java-client-and-mq-queue-manager?language=en_US
NiFi is not going to understand the kdb format. So you will ultimately need
to export your certs and CA from the kdb file you created. From there, you
will probably need to configure the JMS processors in NiFi to connect to MQ
server. These documents seem to have some hints:
https://community.cloudera.com/t5/Support-Questions/how-to-Setup-IBM-MQ-Configuration-for-Nifi/td-p/118155
https://www.senia.org/2018/05/10/integrating-apache-nifi-with-ibm-mq/
https://nifi.apache.org/docs/nifi-docs/components/org.apache.nifi/nifi-jms-processors-nar/1.19.1/org.apache.nifi.jms.cf.JMSConnectionFactoryProvider/additionalDetails.html
Hope that helps.
/Adam
On Wed, Dec 28, 2022 at 2:23 PM Rivera Molina, Leonorelvis
<lr...@scotiabank.com.mx.invalid> wrote:
> Hello I am Elvis Rivera from Scotiabank, we have a connection with NIFI
> and it is very urgent to do the TLS set up between my MQ Server and NIFI
>
> I have a kesystore called key.kdb that is the name of the kesystore for
> the MQ manager and I was checking your documentation and I do not see
> anything related to the TLS connection between MQ SERVER and NIFI
>
> Do you have any documentation or could you please provide any help as this
> is something very urgent since we have a vulnerability open with our
> Security department.
>
> Thank you
>
> Elvis Rivera Molina | Asesor Arquitectura Transformación GBM
> Scotiabank | DGA Tecnologías de la Información
> Boulevard Manuel Avila Camacho No.1
> Colonia. Lomas de Chapultepec Piso1.
> lriveram@scotiabank.com.mx<ma...@scotiabank.com.mx>
>
>
> Aviso de Confidencialidad: Este correo electrónico y/o el material adjunto
> es para uso exclusivo de la persona o entidad a la que expresamente se le
> ha enviado, y puede contener información confidencial o material
> privilegiado. Si usted no es el destinatario legítimo del mismo, por favor
> repórtelo inmediatamente al remitente del correo y bórrelo. Cualquier
> revisión, retransmisión, difusión o cualquier otro uso de este correo, por
> personas o entidades distintas a las del destinatario legítimo, queda
> expresamente prohibido. Este correo electrónico no pretende ni debe ser
> considerado como constitutivo de ninguna relación legal, contractual o de
> otra índole similar.
> Notice of Confidentiality: The information transmitted is intended only
> for the person or entity to which it is addressed and may contain
> confidential and/or privileged material. Any review, re-transmission,
> dissemination or other use of, or taking of any action in reliance upon,
> this information by persons or entities other than the intended recipient
> is prohibited. If you received this in error, please contact the sender
> immediately by return electronic transmission and then immediately delete
> this transmission, including all attachments, without copying, distributing
> or disclosing same.
>
>