Hi Eduardo, I would first check that the ListenBeat is correctly exposing what you want using something like: openssl s_client -connect nifi-node:<ListenBeatPort>
Thanks, Pierre Le mer. 19 févr. 2020 à 02:56, Eduardo Fontes <[email protected]> a écrit : > Hi people! I'm using WindowsLogBeat (from Elastic Stack) to send Windows > events to NiFi (1.11.1) with processor ListenBeat (latest). My NiFi is a 3 > node cluster under Linux with SSL. I'm trying to secure communication > between Beat and NiFi using SSL/TLS with Client Auth. I created a > RestrictedSSLContext with NiFi's Keystore and Truststore and created a pair > key/cert for the Windows machine, configured the Beat with CA certs, key > and cert of Windows machine. The CA of NiFi's certs is the same of Windows > certs. > Unfortunatly, It didn't work [image: :cara_triste:]. I got "null cert > chain". So I have some questions: > > 1. How NiFi ListenBeat with Client Auth knows that a host is authorized > to send data? Do I need to put the Windows machine cert (pub key) inside > NiFi Truststore? (I've already did this with same result). Do I need > create > a "host user" on NiFi, like "CN=host, OU=NIFI" and grant some > permissions? > 2. What I'm doing wrong? Without Client Auth and only SSL the > communication works. >
