How to handle insecure certificates?

[twitt]

Haven't found an option how to access nifi if it has insecure certificate?

[twitt]

This didn't help nipyapi.config.registry_config.verify_ssl = False nipyapi.config.nifi_config.verify_ssl = False

still getting: urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='MY_HOST', port=443): Max retries exceeded with url: /nifi-api/access/token (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

[kevdoran]

Hi @twitt. Rather than disabling ssl server cert verification, I suggest you add the Certificate Authority public certificate (the cert used to "self-sign" the server cert) to nipyapi. This is required to be a .pem format file. There is an example of this here: https://github.com/Chaffelson/nipyapi/blob/master/nipyapi/demo/secure_connection.py#L204

This will configure the tls client library used by NiPyAPI to trust the server certificate.

[tanatonaut]

salt of the example above nipyapi.security.set_service_ssl_context(service='nifi',ca_file="C:\Path_to_cert\in_PEM_format\nifi.cer",check_hostname=False)