Hello Michael, The PutS3Object processor has an SSL Context Service property which would be used to create SSL connections. You would configure one of those with your certs and keys. Since you are behind a gateway, which likely acts as a proxy, you might need to look into the proxy related properties of the PutS3Object processor, too.
That should work for you, but if not, then I would look into using the S3 REST API with a NiFi InvokeHTTP processor. InvokeHTTP can definitely do mutual auth SSL, and the S3 REST API is well documented by AWS. Regards, -- Mike On Wed, Jan 30, 2019 at 2:34 PM Vincent, Mike <mvinc...@mitre.org> wrote: > A bit of a strange request because we have a unique situation. Trying to > move files upto and S3 bucket and the pipeline I’ve create works fine > ending in PutS3Object and the files show up in the bucket. Moving to our > production environment, we’ll be behind a gateway that we’ll need to do a > mutual client / server SSL authentication. Example: > > > > > https://www.naschenweng.info/2018/02/01/java-mutual-ssl-authentication-2-way-ssl-authentication/ > > > > The test code works fine against a test server with test certs and keys. > > > > Now the question – there is no “SSL mutual authentication” option in > PutS3Object processor. Can I create a mutually authenticated SSL session > and pass that context to the PutS3Object (doesn’t seem so) or some other > approach? Currently, I’m thinking my only path is to write a new > PutS3Object-MA (where MA = mutual authentication) and provides properties > in configure for the cert and key file and creates the appropriate SSL > context for the underlying HTTPS connection. I’m thinking that’s no small > feat for a novice Java programmer? > > > > Cheers, > > > > Michael J. Vincent > > Lead Network Systems Engineer | The MITRE Corporation | Network Technology > & Security (T864) | +1 (781) 271-8381 >
