Steps to enable SSL for Grafana from the keystore file.

1. First, create the keystore file using the command below.

$JAVA_HOME/bin/keytool -genkey -keyalg RSA -alias grafana  -keystore keystore.jks -validity 360 -keysize 2048

2. Now export the certificate from the JKS file.

keytool -export -alias grafana -file server.cer -keystore keystore.jks

3. Convert the certificate from DER to PEM format.

openssl x509 -in server.cer -inform der -outform pem -out cert.pem

4. Export the private key to a PKCS12 file.

keytool -v -importkeystore -srckeystore keystore.jks -srcalias grafana -destkeystore myp12file.p12 -deststoretype PKCS12

5. Now export the private key from PKCS12 to PEM format.

openssl pkcs12 -in myp12file.p12  -clcerts -nodes -nocerts | openssl rsa > private.key

Note: private.key must be an unencrypted file. It should look like this:

-----BEGIN RSA PRIVATE KEY-----
xxxx
-----END RSA PRIVATE KEY-----

It should not begin with "-----BEGIN ENCRYPTED PRIVATE KEY-----".

The key must be unencrypted because Grafana has no option for supplying a private key password.

6. Configure the properties below under "Advanced ams-grafana-ini":

protocol: https
cert_file: path/cert.pem
cert-Key: path/private.key

7. Restart Grafana server

8. You should be able to access the UI using https://HOSTNAME:3000/
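
A pre-restart check for the files produced in steps 3 and 5, added here as an example and not part of the original article. It confirms that private.key is really unencrypted (a traditional "RSA PRIVATE KEY" file can still be encrypted, which is marked by a Proc-Type header rather than the BEGIN line), that the unencrypted key is not accessible to other users, and that cert.pem and private.key belong together. The function names are hypothetical; the file names are the ones used in the steps above.

```shell
# Added example: checks for cert.pem / private.key before restarting Grafana.
# Function names are illustrative; only grep, stat and openssl are used.

# Print "unencrypted", "encrypted" or "unknown" for a PEM private key file.
key_state() {
    if grep -q -- '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted      # PKCS#8 encrypted
    elif grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted      # traditional format keeps the "RSA PRIVATE KEY" label
    elif grep -Eq -- '-----BEGIN (RSA )?PRIVATE KEY-----' "$1"; then
        echo unencrypted    # PKCS#1, or PKCS#8 as OpenSSL 3.x writes by default
    else
        echo unknown
    fi
}

# Succeed only if group and others have no permission bits on the key file.
key_is_private() {
    local mode
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    case "$mode" in *00) return 0 ;; *) return 1 ;; esac
}

# Succeed if the certificate and the key carry the same public key.
cert_matches_key() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Usage: check_grafana_tls cert.pem private.key
check_grafana_tls() {
    if [ "$(key_state "$2")" != unencrypted ]; then
        echo "FAIL: $2 is not an unencrypted PEM key" >&2; return 1
    fi
    if ! key_is_private "$2"; then
        echo "FAIL: $2 is accessible to group/others (chmod 600)" >&2; return 1
    fi
    if ! cert_matches_key "$1" "$2"; then
        echo "FAIL: $1 and $2 do not hold the same key pair" >&2; return 1
    fi
    echo "OK: $1 and $2 are ready for Grafana"
}
```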

Comments

FYI: I think I see a typo - srcalias in step 4 doesn't match alias in step 2.