I just checked a running NiFi, built locally from the main branch. I configured an InvokeHTTP processor to perform a GET request to " https://www.google.com/";. No "SSL Context Service" was configured.
The request completed successfully, routing output to relationships "RESPONSE" and "ORIGINAL". [image: InvokeHTTP-google.png] I would expect the same behavior on your NiFi instance. If no SSLContextService is supplied, the expectation is that the default JVM truststore is used, and the "google.com" certificate is signed by a CA trusted by the default truststore. If this test case does not work for you, I would verify the validity of the default truststore. Another check would be to perform this same test on a different machine running NiFi. On Fri, Jul 29, 2022 at 10:28 AM Russell Bateman <[email protected]> wrote: > Just a note (for later readers of this thread)... > > My experience now with this trick seems to say that, as long as "https" is > in the URL, a *SSLContextService* must be supplied. As a URL with "https" > and port number 8443 is the only way I have to engage TLS at the far end, I > must live with *SSLContextService*'s requirements. > > On 7/26/22 19:17, Paul Grey wrote: > > leave the InvokeHTTP property SSLContextService blank. > > >
