Secure Nifi with DigiCert

Secure Nifi with DigiCert

Ren Yang


Hi Nifi Team,
Thanks for reading my email. I have encountered an issue securing Nifi with Digicert. Could you please read the following details?

I have got the Digicert related files and generated the keystore.jks and truststore.jks, and all other setup steps have been finished. However, when I come to my Nifi site with the HTTPS URL, it is denied.

Next, I double-clicked the nifi.p12, which was generated by the openssl command, and imported it into Keychain Access.

Then I accessed my Nifi HTTPS URL again, and the cert confirmation window came up. After pressing “OK”, I arrived at the Nifi home page. My question is why I need to manually import the .p12 file into the browser. Shouldn’t it work like any other public website (such as https://www.google.com) without doing anything on the client side?

Please let me know if you have any questions. Awaiting your reply. Thank you!
 




Ren Yang




Re: Secure Nifi with DigiCert

Andy LoPresto
If this is the same question posted to the Slack channel earlier, I’ll reply here as well. 

Importing the .p12 file into your browser provides the client certificate identifying you as a user to the site. When you visit google.com, only one end of the connection (Google, the server) presents a certificate, which you the user (your browser) verify and decide to trust. When you visit a NiFi instance which is secured and has no other authentication mechanism configured, the only way to authenticate is to present a client certificate.


Andy LoPresto
[hidden email]
He/Him
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

On May 19, 2020, at 7:24 PM, Ren Yang <[hidden email]> wrote:



Hi Nifi Team,
Thanks for reading my email. I have encountered an issue securing Nifi with Digicert. Could you please read the following details?

I have got the Digicert related files and generated the keystore.jks and truststore.jks, and all other setup steps have been finished. However, when I come to my Nifi site with the HTTPS URL, it is denied.

Next, I double-clicked the nifi.p12, which was generated by the openssl command, and imported it into Keychain Access.

Then I accessed my Nifi HTTPS URL again, and the cert confirmation window came up. After pressing “OK”, I arrived at the Nifi home page. My question is why I need to manually import the .p12 file into the browser. Shouldn’t it work like any other public website (such as https://www.google.com) without doing anything on the client side?

Please let me know if you have any questions. Awaiting your reply. Thank you!
 




Ren Yang
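
The difference described in the reply above, as an added example that is not part of the original thread: a local TLS server that requires a client certificate, contacted once without one and once with one. It assumes the `openssl` CLI is on PATH; the certificates, the `nifi-user` name and the function names are constructed for illustration and are not NiFi's own code.

```python
import os, socket, ssl, subprocess, tempfile, threading

def make_cert(d, name):
    """Constructed self-signed cert and key, made with the openssl CLI (assumed on PATH)."""
    key, crt = os.path.join(d, name + ".key"), os.path.join(d, name + ".crt")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
                    "-days", "1", "-subj", "/CN=" + name,
                    "-addext", "subjectAltName=DNS:" + name,
                    "-keyout", key, "-out", crt], check=True, capture_output=True)
    return crt, key

def connect(present_client_cert):
    """One connection attempt; returns 'authenticated as <CN>' or 'rejected'."""
    with tempfile.TemporaryDirectory() as d:
        srv_crt, srv_key = make_cert(d, "localhost")   # server identity (keystore role)
        usr_crt, usr_key = make_cert(d, "nifi-user")   # user identity (nifi.p12 role)
        server = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        server.load_cert_chain(srv_crt, srv_key)
        server.load_verify_locations(usr_crt)          # trusted clients (truststore role)
        server.verify_mode = ssl.CERT_REQUIRED         # no client cert, no session
        client = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        client.load_verify_locations(srv_crt)          # browser verifying the server
        if present_client_cert:
            client.load_cert_chain(usr_crt, usr_key)   # what the Keychain import enables
        listener = socket.create_server(("127.0.0.1", 0))
        seen = []                                      # identities the server accepted
        def serve():
            conn, _ = listener.accept()
            try:
                with server.wrap_socket(conn, server_side=True) as tls:
                    subject = dict(rdn[0] for rdn in tls.getpeercert()["subject"])
                    seen.append(subject["commonName"])
                    tls.sendall(b"ok")
            except (ssl.SSLError, OSError):
                conn.close()                           # handshake refused
        t = threading.Thread(target=serve)
        t.start()
        try:
            with socket.create_connection(listener.getsockname()) as raw:
                with client.wrap_socket(raw, server_hostname="localhost") as tls:
                    tls.recv(2)
        except (ssl.SSLError, OSError):
            pass                                       # server rejected this client
        t.join()
        listener.close()
        return "authenticated as " + seen[0] if seen else "rejected"

if __name__ == "__main__":
    print("no client cert presented:", connect(False))
    print("client cert presented:", connect(True))
```

In both runs the client verifies the server's certificate the same way; only the presence of the client certificate changes the outcome.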