Kiran

No problems. I’ve just assigned it to myself. Will do our best to have it in the next 
release.
Cheers
Oleg

On Dec 13, 2016, at 4:13 PM, Kiran <b.deep.internatio...@gmail.com> wrote:

Oleg,

Sorry for the delay, I've created the following JIRA ticket: 
https://issues.apache.org/jira/browse/NIFI-3193

If you need anything else added to the ticket give me a bell.

I'll attach my test application to the JIRA ticket this weekend.

Thanks,

Kiran

------ Original Message ------
From: "Oleg Zhurakousky" <ozhurakou...@hortonworks.com>
To: "users@nifi.apache.org" <users@nifi.apache.org>; "Kiran" <b.deep.internatio...@gmail.com>
Sent: 10/12/2016 13:21:41
Subject: Re: NiFi PublishAMQP using cert CN as username

Brian

Thank you for the detailed explanation.
I don't believe you're doing anything wrong. We just need to add the feature 
you describe (pulling credentials from certificate).

Would you mind creating a JIRA ticket and, if at all possible, attaching the sample 
code that demonstrates exactly what you're trying to accomplish?

Cheers
Oleg


On Dec 10, 2016, at 03:52, Kiran <b.deep.internatio...@gmail.com> wrote:

Hello,

I'm having a bit of trouble getting NiFi to talk to RabbitMQ using SSL. I've 
created some certificates using openssl and I have been successful in 
sending messages to RabbitMQ when I specify an SSL context and a 
username/password. In this scenario I can see a TLS 1.2 HTTPS connection form 
between NiFi and RabbitMQ and the username and password are then used to 
authenticate successfully, so from this I know that the certs being used are 
valid.

What I'm trying to achieve is for the RabbitMQ username to be pulled out of the 
certificate COMMON_NAME so I don't need to provide a username and password. I've 
created a quick test application to confirm that I can connect successfully to 
RabbitMQ using the certs I created and just the certificate CN name and this 
worked, which means it must be something I've done wrong within my NiFi 
processor configuration, which is why I'm sending this email for help :)

The RabbitMQ configuration I'm using is:

  *   RabbitMQ 3.5.4
  *   Erlang 18.0
  *   rabbitmq_auth_mechanism_ssl plugin enabled
  *   Base OS is RHEL 6.5

My RabbitMQ.config contains the following:
[
  {rabbit, [
     {ssl_listeners, [5671]},
     {loopback_users, []},
     {auth_mechanisms, ['EXTERNAL', 'PLAIN']},
     {ssl_options, [{cacertfile,"/home/data/openssl/brian_testca/cacert.pem"},
                    {certfile,"/home/data/openssl/brian_server/cert.pem"},
                    {keyfile,"/home/data/openssl/brian_server/key.pem"},
                    {verify,verify_peer},
                    {versions, ['tlsv1.2']},
                    {password,  "MySecretPassword"},
                    {verify,verify_peer},
                    {ssl_cert_login_from, common_name},
                    {fail_if_no_peer_cert,true}]}
   ]}
].

The NiFi configuration I'm using is:

  *   NiFi 0.7.1 (We are in the process of updating to NiFi 1.1.0 but there are some 
      dependencies on other projects so it will happen just not for a few months)
  *   2 Clusters each made up of 1 NCM and 3 Nodes
  *   In the PublishAMQP I've put the certificate CN name into the "username" field.

The client certificate I'm using to connect to RabbitMQ has a CN name of: 
"rabbitmq_client". There is an entry for it in the RabbitMQ users with NO 
PASSWORD set.

Error message in the rabbitmq log files:

=ERROR REPORT==== 7-Dec-2016::21:47:30 ===
closing AMQP connection <0.905.0> (192.168.137.1:54324 -> 192.168.137.128:5671):
{handshake_error,starting,0,
                 {amqp_error,access_refused,
                             "PLAIN login refused: user 'rabbitmq_client' - invalid credentials",
                             'connection.start_ok'}}

Please can you tell me if there is something obvious that I've missed out in my 
NiFi configuration?

I did have a very brief look at the code and I was thinking that because the 
USERNAME and PASSWORD were mandatory fields and always used to establish the 
connection it could be that RabbitMQ prioritises those fields before trying to 
pull out the CN name and using that for authentication. The reason I was 
thinking this was in the test app I created I didn't specify the username or 
password when setting up my ConnectionFactory but the RabbitMQ documentation 
says even if you don't specify the username and password they default to 
guest/guest so this could be a red herring.

Thanks in advance for the help,

Brian
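
The broker log in this thread reports a PLAIN login being refused even though the TLS session carried a valid client certificate; in AMQP 0-9-1 it is the client that picks the SASL mechanism from those the broker offers. The following is an added example, not code from this thread, NiFi or RabbitMQ: a simplified Python model of that step using the broker settings quoted above. The function names and all reason strings other than the PLAIN one from the log are made up for the illustration.

```python
# Simplified model of the AMQP 0-9-1 SASL step (connection.start / start-ok).
# Constructed sample data mirroring the rabbitmq.config quoted in this thread.
from dataclasses import dataclass

SERVER_MECHANISMS = ["EXTERNAL", "PLAIN"]  # {auth_mechanisms, ['EXTERNAL', 'PLAIN']}
USERS = {"rabbitmq_client": None}          # user exists, no password set


@dataclass
class StartOk:
    """Client reply: the mechanism it selected plus its SASL response bytes."""
    mechanism: str
    response: bytes


def plain_response(username, password):
    # SASL PLAIN (RFC 4616) with an empty authzid: NUL user NUL password
    return b"\0" + username.encode() + b"\0" + password.encode()


def client_with_username_field(username, password=""):
    # Hypothetical client that always sends its configured username/password.
    return StartOk("PLAIN", plain_response(username, password))


def client_cert_only():
    # Hypothetical client that asks the broker to use the TLS peer identity.
    return StartOk("EXTERNAL", b"")


def broker_authenticate(start_ok, peer_cert_cn):
    """Return (accepted, reason) for one connection attempt in this model."""
    if start_ok.mechanism not in SERVER_MECHANISMS:
        return False, f"{start_ok.mechanism} not offered"
    if start_ok.mechanism == "PLAIN":
        _, user, password = start_ok.response.decode().split("\0")
        stored = USERS.get(user)
        # A passwordless user never matches a PLAIN password, even an empty
        # one; the certificate is not consulted on this path.
        if stored is None or stored != password:
            return False, f"PLAIN login refused: user '{user}' - invalid credentials"
        return True, f"{user} via PLAIN"
    # EXTERNAL: identity comes from the verified certificate CN
    # ({ssl_cert_login_from, common_name}); the user only has to exist.
    if peer_cert_cn is None:
        return False, "EXTERNAL refused: no peer certificate"
    if peer_cert_cn not in USERS:
        return False, f"EXTERNAL refused: unknown user '{peer_cert_cn}'"
    return True, f"{peer_cert_cn} via EXTERNAL"
```

In the model, the same certificate yields a refusal when the client selects PLAIN and an accepted login when it selects EXTERNAL.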
