I might've been wrong about the certificate issue, since the server is returning a 403. What happens if you omit --insecure from the curl command? Might the server be doing something funky e.g. looking at the user agent string?
I suspect the equivalent of --insecure requires recompiling the processor and is almost certainly not the right thing to do. On 12 October 2017 at 13:13, Jones, Patrick L. <[email protected]> wrote: > Thanks for the reply. > > I did not generate the certs myself, they were generated by a third > party. As I said the only way I can access the site is with curl and > --insecure. Does anyone know of a way in NIFI to do the equivalence of > "--insecure" ? The curl that works is: > curl --noproxy "*" --insecure --cacert ./ca.pem --cert ./c_cert.pem --key > ./c_key.pem https://xxx.mitre.org/xx/xx > > thank you > > > Pat > > > -----Original Message----- > From: James Srinivasan [mailto:[email protected]] > Sent: Wednesday, October 11, 2017 4:15 PM > To: [email protected] > Subject: Re: GetHTTP 403:Forbidden > > Hi, > > Doesn't sound like you have the certs set up correctly since --insecure for > curl skips certificate validation. I'm not aware of a similar option for > NiFi, but assuming you generated the certificate yourself, searching for > something like "java https self signed web" > should help. If the certificate was generated by a third party, then make > sure the appropriate intermediate and root certificates are also in your > store. > > James > > On 11 October 2017 at 20:37, pat <[email protected]> wrote: >> Greetings, >> >> I am using GetHTTP to call >> https://xxx.mitre.org/xx/xx >> >> I have set up the StandardSSLContextService with my certs >> >> When GetHTTP runs I get the error: >> [Timer-Driven Process Thread-6] o.a.nifi.processors.standard.GetHTTP >> GetHTTP[id=015e1160-a849-126f-0306-deadef9b45f3] received status code >> 403:Forbidden from https://xxx.mitre.org/xx/xx >> >> I can reach the site via firefox if I add a security exception. >> I can also reach the site with curl like: >> curl --noproxy "*" --insecure --cacert .ca.pem --cert .c_cert.pem --key >> ./c_key.pem https://xxx.mitre.org/xx/xx >> >> I assume the problem is that I don't know how to have NIFI do >> something like the "--insecure" options. >> Is there a way to do this in NIFI (or a work around) >> >> thank you >> >> >> >> -- >> Sent from: http://apache-nifi-users-list.2361937.n4.nabble.com/
