Community Articles
Find and share helpful community-sourced technical articles
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.
Labels (1)

Steps to enable SSL for Grafana from the keystore file.

1. First create keystore file using below command.

$JAVA_HOME/bin/keytool -genkey -keyalg RSA -alias grafana  -keystore keystore.jks -validity 360 -keysize 2048

2. Now export cert from JKS file

keytool -export -alias grafana -file server.cer -keystore keystore.jks

3. Convert cert from DER to PEM format

openssl x509 -in server.cer -inform der -outform pem -out cert.pem

4. Export privatekey to PKCS12 file

keytool -v -importkeystore -srckeystore keystore.jks   -srcalias ambari -destkeystore myp12file.p12 -deststoretype PKCS12

5. Now export private key from PKCS12 to PEM format.

openssl pkcs12 -in myp12file.p12  -clcerts -nodes -nocerts | openssl rsa > private.key

Note: private.key should be unencrypted file. it should be like

-----BEGIN RSA PRIVATE KEY-----
xxxx

-----END RSA PRIVATE KEY-----

Should be not having like "-----BEGIN ENCRYPTED PRIVATE KEY-----"

The reason for using un encrypted key is because Grafana does not have any option to take privatekey password.

6. configure below properties under "Advanced ams-grafana-ini"

Advanced ams-grafana-iniprotocolhttps
Advanced ams-grafana-inicert_filepath/cert.pem
Advanced ams-grafana-inicert-Key

path/private.key

7. Restart Grafana server

8. You should be able to access the UI using https://HOSTNAME:3000/

12,524 Views
Comments
Not applicable

FYI: I think I see a typo - srcalias in step 4 doesn't match alias in step 2.

Don't have an account?
Coming from Hortonworks? Activate your account here
Version history
Revision #:
1 of 1
Last update:
‎02-23-2017 10:47 PM
Updated by:
 
Contributors
Top Kudoed Authors