Hi Vinay, Secure site-to-site communication has been a feature of NiFi for many releases, and is definitely available in both the 0.6.0 and 0.6.1 releases.
I am not sure what steps you have taken to enable it that have failed, nor what the failure message was, but I can run down the basic outline here. 1. Ensure that the keystore and truststore properties are set in nifi.properties. You will need to provide each instance with a keystore containing a private key for that instance, along with the keystore type and password, and a truststore that contains the other instance’s public key (or the public key of the CA that signed it), along with the truststore type and password. All of this is documented in the Admin Guide [1]. 2. Set the site-to-site properties. This includes the hostname, port, and “nifi.remote.input.secure” set to true. If you can provide the steps you took to enable secure S2S, along with the nifi-app.log file contents containing the error, that may help us to debug your issue. Please also mention if you enabled TLS encryption for the API/UI, and if you have configured an authentication and authorization mechanism for the API or if it is unsecured and allows anonymous access. The more information you can provide, the better positioned we will be to help you achieve your goal. [1] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security-configuration Andy LoPresto [email protected] [email protected] PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > On Jul 9, 2016, at 12:46 AM, Vinay <[email protected]> wrote: > > Hi All, > > First let me confirm is NIFI Site to Site Secure Access feature available in > NIFI 0.6.x and above. > > I have tried to configure NIFI secure access ( Site to Site ) but no > success. > > I'am able to do Site to Site without https but SSL fails when tried via > https. > > I strongly feel this is a key feature which will be required when we want to > give user ROLE based access,so i would like to get some pointers on this to > achieve the same. > > If any could guide me on this or have achieved it please share your views. > > > Thanks in advance, > Best Regards, > Vinay > > > > -- > View this message in context: > http://apache-nifi-developer-list.39713.n7.nabble.com/NIFI-Secure-Access-Site-to-Site-tp12735.html > Sent from the Apache NiFi Developer List mailing list archive at Nabble.com.
signature.asc
Description: Message signed with OpenPGP using GPGMail
