Thanks for the reply.
I did not generate the certs myself, they were generated by a third
party. As I said the only way I can access the site is with curl and
--insecure. Does anyone know of a way in NIFI to do the equivalence of
"--insecure" ? The curl that works is:
curl --noproxy "*" --insecure --cacert ./ca.pem --cert ./c_cert.pem --key
./c_key.pem https://xxx.mitre.org/xx/xx
thank you
Pat
-----Original Message-----
From: James Srinivasan [mailto:[email protected]]
Sent: Wednesday, October 11, 2017 4:15 PM
To: [email protected]
Subject: Re: GetHTTP 403:Forbidden
Hi,
Doesn't sound like you have the certs set up correctly since --insecure for
curl skips certificate validation. I'm not aware of a similar option for NiFi,
but assuming you generated the certificate yourself, searching for something
like "java https self signed web"
should help. If the certificate was generated by a third party, then make sure
the appropriate intermediate and root certificates are also in your store.
James
On 11 October 2017 at 20:37, pat <[email protected]> wrote:
> Greetings,
>
> I am using GetHTTP to call
> https://xxx.mitre.org/xx/xx
>
> I have set up the StandardSSLContextService with my certs
>
> When GetHTTP runs I get the error:
> [Timer-Driven Process Thread-6] o.a.nifi.processors.standard.GetHTTP
> GetHTTP[id=015e1160-a849-126f-0306-deadef9b45f3] received status code
> 403:Forbidden from https://xxx.mitre.org/xx/xx
>
> I can reach the site via firefox if I add a security exception.
> I can also reach the site with curl like:
> curl --noproxy "*" --insecure --cacert .ca.pem --cert .c_cert.pem --key
> ./c_key.pem https://xxx.mitre.org/xx/xx
>
> I assume the problem is that I don't know how to have NIFI do
> something like the "--insecure" options.
> Is there a way to do this in NIFI (or a work around)
>
> thank you
>
>
>
> --
> Sent from: http://apache-nifi-users-list.2361937.n4.nabble.com/
