0
votes

We have a Teiid 12.3 server running which is configured using SSL. We are able to connect to this Teiid server using tools like Pentaho ETL, SQuirreL SQL Client, Tableau, etc. We are using a truststore file to connect these tools. But we are not able to connect to the Teiid server from Apache NiFi. We tried the following ways to include the truststore:

  1. Adding the truststore in the run nifi.bat

    • set JAVA_ARGS=-Dorg.apache.nifi.bootstrap.config.log.dir=%NIFI_LOG_DIR% -Dorg.apache.nifi.bootstrap.config.pid.dir=%NIFI_PID_DIR% -Dorg.apache.nifi.bootstrap.config.file=%BOOTSTRAP_CONF_FILE% -Djavax.net.ssl.trustStore=teiid-dummy.truststore -Djavax.net.ssl.trustStorePassword=1234
  2. Creating a StandardSSLContextService, but we can't use this service in the ExecuteSQL or QueryDatabaseTableRecord processors

  3. Added truststore details in the Teiid connect URL -- jdbc:teiid:VDB@mms://abc123.com:443;enableTLS=true;trustStorePath=E:/nifi-1.11.4-bin/nifi-1.11.4/bin/teiid_dummy.truststore;trustStorePassword=1234

    • Errors: TEIID 200020 Error establishing socket to host and port. sun.security.validator.ValidatorException: PKIX path building failed:
  4. Configured the truststore in the file below as well, but no use; it gives the same error.

File name: nifi.properties

nifi.security.truststore==E:\nifi-1.11.4-bin\nifi-1.11.4\bin\teiid-dummy.truststore
nifi.security.truststoreType=jks
nifi.security.truststorePasswd=1234

File name: run_nifi.bat

set JAVA_ARGS=-Dorg.apache.nifi.bootstrap.config.log.dir=%NIFI_LOG_DIR% -Dorg.apache.nifi.bootstrap.config.pid.dir=%NIFI_PID_DIR% -Dorg.apache.nifi.bootstrap.config.file=%BOOTSTRAP_CONF_FILE% -Djavax.net.ssl.trustStore=teiid3-ssl.truststore -Djavax.net.ssl.trustStorePassword=1234


2
Try Teiid-specific properties or the Teiid properties file approach: docs.jboss.org/teiid/7.7.0.Final/client-developers-guide/en-US/… BTW: to set Java properties in NiFi you have to modify the conf/bootstrap.conf file - daggett
Thank you so much. I have tried your solution but no luck... I have tried connecting Apache NiFi with Teiid data virtualization without SSL and it was successful. But with SSL I was not able to connect - Amar Kale
Have you changed bootstrap.conf to set the truststore? - daggett

2 Answers

0
votes

Have you verified that the Teiid server presents the full certificate chain during TLS negotiation, and that the complete chain is present in the truststore you've configured? PKIX path building errors indicate that the client (NiFi) is unable to map the public certificate presented by the server (Teiid) to a trusted certificate in its truststore. Please provide the public certificate (hostname redacted if necessary) of your Teiid server and the contents of the truststore you're associating with NiFi.

Response to comment:

The property value nifi.security.truststore in $NIFI_HOME/conf/nifi.properties is where the path to the NiFi application truststore is set. The communication mechanism from NiFi to Teiid is not specified in the question. If it is a component in the flow (e.g. processor or controller service), those components should reference an SSLContextService controller service and specify a truststore path there. If the component does not support an SSL CS, either the DBCP JDBC connection URL should include settings to enable TLS or a feature request Jira should be filed.

0
votes

Thank you so much daggett. Thanks a lot... your solution worked (bootstrap.conf).

Followed the steps below and it worked perfectly fine.

  1. Place the truststore "ssl-teiid.truststore" in the NiFi bin directory.
  2. Go to the NiFi conf directory and open the file bootstrap.conf.
  3. Add two arguments in it giving the truststore path and password. Refer to this:

java.arg.18=-Djavax.net.ssl.trustStore=E:/nifi-1.11.4-bin/nifi-1.11.4/bin/ssl-teiid.truststore
java.arg.19=-Djavax.net.ssl.trustStorePassword=<mention the truststore password>

  4. Start NiFi.
  5. Create the DBConnectionPool service for the DataVirtualization URL.
  6. Create an ExecuteSQL processor, use the DBConnectionPool service created above, and query any of the DataVirtualization views through it.

Thank you so much Andy for your help.