Community Articles

Find and share helpful community-sourced technical articles.
Labels (1)

Steps to enable SSL for Grafana from the keystore file.

1. First create keystore file using below command.

$JAVA_HOME/bin/keytool -genkey -keyalg RSA -alias grafana  -keystore keystore.jks -validity 360 -keysize 2048

2. Now export cert from JKS file

keytool -export -alias grafana -file server.cer -keystore keystore.jks

3. Convert cert from DER to PEM format

openssl x509 -in server.cer -inform der -outform pem -out cert.pem

4. Export privatekey to PKCS12 file

keytool -v -importkeystore -srckeystore keystore.jks   -srcalias ambari -destkeystore myp12file.p12 -deststoretype PKCS12

5. Now export private key from PKCS12 to PEM format.

openssl pkcs12 -in myp12file.p12  -clcerts -nodes -nocerts | openssl rsa > private.key

Note: private.key should be unencrypted file. it should be like

-----BEGIN RSA PRIVATE KEY-----
xxxx

-----END RSA PRIVATE KEY-----

Should be not having like "-----BEGIN ENCRYPTED PRIVATE KEY-----"

The reason for using un encrypted key is because Grafana does not have any option to take privatekey password.

6. configure below properties under "Advanced ams-grafana-ini"

Advanced ams-grafana-iniprotocolhttps
Advanced ams-grafana-inicert_filepath/cert.pem
Advanced ams-grafana-inicert-Key

path/private.key

7. Restart Grafana server

8. You should be able to access the UI using https://HOSTNAME:3000/

15,954 Views
Comments
Not applicable

FYI: I think I see a typo - srcalias in step 4 doesn't match alias in step 2.

Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.
Version history
Last update:
‎02-23-2017 10:47 PM
Updated by:
Contributors
Top Kudoed Authors