Thanks Pierre but I found the problem. It was between the monitor and the chair. :D My CA cert was wrong.
On Wed, Feb 19, 2020 at 4:13 PM Pierre Villard <[email protected]> wrote: > Hi Eduardo, > > I would first check that the ListenBeat is correctly exposing what you want > using something like: > openssl s_client -connect nifi-node:<ListenBeatPort> > > Thanks, > Pierre > > Le mer. 19 févr. 2020 à 02:56, Eduardo Fontes <[email protected]> a > écrit : > > > Hi people! I'm using WindowsLogBeat (from Elastic Stack) to send Windows > > events to NiFi (1.11.1) with processor ListenBeat (latest). My NiFi is a > 3 > > node cluster under Linux with SSL. I'm trying to secure communication > > between Beat and NiFi using SSL/TLS with Client Auth. I created a > > RestrictedSSLContext with NiFi's Keystore and Truststore and created a > pair > > key/cert for the Windows machine, configured the Beat with CA certs, key > > and cert of Windows machine. The CA of NiFi's certs is the same of > Windows > > certs. > > Unfortunatly, It didn't work [image: :cara_triste:]. I got "null cert > > chain". So I have some questions: > > > > 1. How NiFi ListenBeat with Client Auth knows that a host is > authorized > > to send data? Do I need to put the Windows machine cert (pub key) > inside > > NiFi Truststore? (I've already did this with same result). Do I need > > create > > a "host user" on NiFi, like "CN=host, OU=NIFI" and grant some > > permissions? > > 2. What I'm doing wrong? Without Client Auth and only SSL the > > communication works. > > >
