Hi Naresh, When I researched about NiFi authentication mechanism before, Client certificate is the only way for Site-to-Site protocol to authenticate an user who made a Site-to-Site request. You might find this post useful about how NiFi AuthN works. http://ijokarumawak.github.io/nifi/2016/11/15/nifi-auth/#different-occasions-nifi-authnauthz-requests
So I think you have to setup Client certificate on the Windows machine, and add it or its CA to server's trust store. For details configuration needed to secure Site-to-Site using Client certificate, this article by Bryan Bende would be helpful. http://bryanbende.com/development/2016/08/30/apache-nifi-1.0.0-secure-site-to-site Even if a client running on windows, the same steps will work. > Documentation says, i should provide site-to-site properties but i could able > to work it on hadoop cluster without setting these properties but not on > windows. Does this mean you were able to use Site-to-Site without Client certificate? Maybe I'm mis-understanding something, and hope others can chime in and shed a light here. PS, Please send a question on how to use NiFi to Users Mailing List, instead of Developers. https://nifi.apache.org/mailing_lists.html Thanks, Koji On Fri, Jan 27, 2017 at 1:40 AM, Naresh kumar <[email protected]> wrote: > Hi, > > I'm Naresh korvi, Big data Engineer. I'm trying to install Apache NIFI on > Windows machine and want to implement site-to-site protocol. > > 1. I could able to run nifi instance but it errored out on Kerberos > authentication, > i have copied core-site and hdfs-site xmls, krb5.conf, my keytab and my > principle from my hadoop cluster. > > 2. For site-to-site protocol what configuration properties do i have to set > on both instances? > > Documentation says, i should provide site-to-site properties but i could able > to work it on hadoop cluster without setting these properties but not on > windows. > > > Can you please provide some documentation to set up NIFI on windows. > > -- > Thanks, > Naresh
