Minifi NIFI S2S

1
votes

I am trying to connect a miNifi instance on my local computer to a remote Nifi secured cluster.

I connect to this cluster using ssh (Putty) with ports tunneling, so I can access to the remote cluster by https://localhost:8443/nifi.

I have done the following:

  1. Created the template for miNifi (consisting of a generate flowfile processor and an RPG (https://cluster-nodes-names:8443/nifi). Inputs ports are detected, great !
  2. Converted this template using miNifi toolkit

  3. Added to miNifi config.yml, the trustore and keystore, and nifi-cert.pem generated; with the following command:

    tls-toolkit.sh client -c -t -p -D "CN=test, OU=NIFI" -T PKCS12 --subjectAlternativeNames localhost

  4. Added the following user to Nifi : "CN=test, OU=NIFI"

       

When I run miNifi I got the following error:

Certificate for '<'localhost'>' doesn't match any of the subject alternative names: [pft.com, pft.com]

I am kind of lost with TLS / SSL configuration, and I am not really sure that what I want to achieved is possible.

I will greatly appreciate your help!

1
apache-nifi
You were using Minifi (java), correct? - hanzo2001
Yes correct v0.5 - Pdeuxa

1 Answers

1
votes

I solved my problem. Maybe it will help some:

I guess a secured cluster have pre-registred nodes names, such It didn't reconized localhost as a certified node; that is why the error was thrown.

What I did is changing in the system, the localhost name to the node name. Such I can acces to the cluster by https://cluster-nodes-names:8443/nifi. Et voila!