
Apache NiFi using non self-signed certificates

Explorer

Please keep in mind I am in no way savvy in "this stuff" at all, so please bear with me.

Issue: I am still receiving "Your connection is not private" / "NET::ERR_CERT_AUTHORITY_INVALID" when accessing the NiFi web UI that I have installed on a Linux server even though I set it up with a certificate provided by my company (I believe I did something wrong here).

Goal: Anyone who tries to access the web UI will be met with the NiFi Login screen (this part is already set up with LDAP) without having to import a certificate instead of the warning/secure ("Your connection is not private") page. I think it's important to know that I have it working fine with a self-signed certificate and importing the certificate into my browser.

Summary (Please read this knowing that my understanding of the subject is very minimal):

1. I generated a CSR and keystore.jks (from what I understand contains the private key) with the following command:

keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore keystore.jks -dname "CN={{domain data here}}" && keytool -certreq -alias server -file nifi.csr -keystore keystore.jks && echo Your certificate signing request is in nifi.csr.  Your keystore file is keystore.jks.  Thanks for using the DigiCert keytool CSR helper.

2. Forwarded the generated CSR to our company CA and they sent back the following 4 files:

  1. nifi.cer
  2. nifi.p7b
  3. root-CA.cer
  4. issuing-CA.cer

3. Generated a truststore.jks (with a temp alias and removed it) and imported the nifi.cer into it

keytool -import -alias server -file "nifi.cer" -keystore -truststore.jks

4. Placed the truststore and keystore files into the conf directory of NiFi on the server and updated the # security properties # in nifi.properties to reflect the keystore and truststore files.


Please let me know if I did something wrong or I misunderstood something.
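
The keystore and truststore steps above, run end to end as an added example (not part of the original thread and not the thread's hidden reply): it shows how the `server` entry in keystore.jks changes from self-signed to CA-signed once the CA's reply is imported under the same alias. The password, the CNs and the throwaway CA driven by `keytool -gencert` are constructed stand-ins for the company CA, and `keytool` is assumed to be on the PATH.

```bash
#!/bin/sh
# Added example. Constructed values: password, CNs, and a throwaway CA that
# stands in for the company CA. File names and the "server" alias follow the post.
set -eu
PASS=constructed-pass
kt() { keytool -J-Duser.language=en -storepass "$PASS" "$@"; }

# Reports whether the certificate stored under an alias is its own issuer.
entry_status() {  # $1 = keystore, $2 = alias
  out=$(kt -list -v -keystore "$1" -alias "$2")
  owner=$(printf '%s\n' "$out" | sed -n 's/^Owner: //p' | head -n 1)
  issuer=$(printf '%s\n' "$out" | sed -n 's/^Issuer: //p' | head -n 1)
  if [ "$owner" = "$issuer" ]; then echo self-signed; else echo ca-signed; fi
}

demo() (  # $1 = empty working directory; the body runs in a subshell
  cd "$1"
  {
    # Throwaway CA (constructed) so the example runs offline.
    kt -genkeypair -alias ca -keyalg RSA -keysize 2048 -keypass "$PASS" \
       -dname "CN=Constructed Root CA" -ext bc:c -keystore ca.jks
    kt -exportcert -alias ca -rfc -file root-CA.cer -keystore ca.jks
    # Step 1 of the post: key pair plus CSR. -genkeypair also writes a
    # self-signed certificate, which stays in the keystore after -certreq.
    kt -genkeypair -alias server -keyalg RSA -keysize 2048 -keypass "$PASS" \
       -dname "CN=nifi.example.test" -keystore keystore.jks
    kt -certreq -alias server -file nifi.csr -keystore keystore.jks
    before=$(entry_status keystore.jks server)
    # Step 2: the CA signs the CSR and returns nifi.cer.
    kt -gencert -alias ca -infile nifi.csr -outfile nifi.cer -rfc -keystore ca.jks
    # Import the CA certificate into the KEYSTORE, then the reply under the
    # same alias as the private key; this replaces the self-signed entry.
    kt -importcert -noprompt -alias root-ca -file root-CA.cer -keystore keystore.jks
    kt -importcert -noprompt -alias server -file nifi.cer -keystore keystore.jks
    after=$(entry_status keystore.jks server)
    # The truststore holds the CA certificate, not the server certificate.
    kt -importcert -noprompt -alias root-ca -file root-CA.cer -keystore truststore.jks
  } >&2
  echo "$before -> $after"
)

# Run as: sh script.sh demo
if [ "${1:-}" = demo ]; then demo "$(mktemp -d)"; fi
```

With a two-level chain like the one in the post, issuing-CA.cer is imported the same way as root-CA.cer before the reply.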

5 REPLIES

Explorer

@Andy LoPresto

Sorry to bother you, but I see that you have answered other posts that have similar issues to mine and I was hoping you could help out. Thanks!


Explorer

Awesome, that worked! Thanks for the help, I appreciate it!

Explorer

Hey @Andy LoPresto, now that I have this secure instance set up, how would I go about Site-to-Site communication with another secure NiFi instance?

These are the list of certificates I have:

NiFi Instance A:

  • nifi.cer
  • nifi.p7b
  • root-CA.cer
  • issuing-CA.cer

NiFi Instance B:

  • nifi.cer
  • nifi.p7b
  • root-CA.cer
  • issuing-CA.cer

Do you know of any resources that would help me with the subject matter at hand and what you would call it (SSL? TLS? Installing Certificates?)? I am having trouble understanding what my issue is to know what to research to learn enough so that I can avoid asking questions that have already been answered.

Thanks!

New Contributor

How to download the tool, is there a free one?