Can't get Certs to Work using nifi-tool-kit: 2 WEEKS wasted


Dear Team,


I have spent 2 weeks trying to get the certs to work properly. In order to reduce any errors, I am even USING the nifi-toolkit! The end result is I get a BLANK PAGE after all the following steps are taken! I feel so defeated...


1. Step 1 : cd /root/nifi-toolkit-1.9.2/bin && ./tls-toolkit.sh standalone -n 'localhost' -C 'CN=username,OU=NIFI'


This produces the following:

#2019/04/15 01:53:09 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandaloneCommandLine: No nifiPropertiesFile specified, using embedded one.

#2019/04/15 01:53:09 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Running standalone certificate generation with output directory ../bin

#2019/04/15 01:53:10 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Generated new CA certificate ../bin/nifi-cert.pem and key ../bin/nifi-key.key

#2019/04/15 01:53:10 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Writing new ssl configuration to ../bin/localhost

#2019/04/15 01:53:10 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Successfully generated TLS configuration for localhost 1 in ../bin/localhost

#2019/04/15 01:53:10 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Generating new client certificate ../bin/CN=username_OU=NIFI.p12

#2019/04/15 01:53:11 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Successfully generated client certificate ../bin/CN=username_OU=NIFI.p12

#2019/04/15 01:53:11 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: tls-toolkit standalone completed successfully

The End Result of this is: ./Localhost Directory is created, which has all the files you need (so you would think!)


2. IN the Localhost Directory there are the following files

  • keystore.jks
  • nifi.properties
  • truststore.jks


I furthermore MODIFY (I also modify the authorizers.xml file)

<userGroupProvider>
    <identifier>file-user-group-provider</identifier>
    <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
    <property name="Users File">./conf/users.xml</property>
    <property name="Legacy Authorized Users File"></property>
    <property name="Initial User Identity 1">CN=username,OU=NIFI</property>
</userGroupProvider>

<accessPolicyProvider>
    <identifier>file-access-policy-provider</identifier>
    <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
    <property name="User Group Provider">file-user-group-provider</property>
    <property name="Authorizations File">./conf/authorizations.xml</property>
    <property name="Initial Admin Identity">CN=username,OU=NIFI</property>
    <property name="Legacy Authorized Users File"></property>
    <property name="Node Identity 1"></property>
    <property name="Node Group"></property>
</accessPolicyProvider>


I COPY these THREE files plus the authorizers.xml to the /root/nifi-1.9.2/conf

3. I restart using ./nifi.sh stop; ./nifi.sh start


4. I install the custom CERT to my Mac keystore: the ../bin/CN=username_OU=NIFI.p12 cert.


5. I hit the website and it's a BLANK page!


I have spent so much time on this effort, I am now trying to re-articulate my solution. Please save me from MY stupidity!
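
Added example, not part of the original post and not NiFi's own code: a check that the identity strings in the authorizers.xml excerpt above match the client certificate DN character for character. It assumes identities are compared as exact strings; the sample XML is constructed from the post's two providers, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two providers from the post, wrapped in a root element.
AUTHORIZERS_XML = """<authorizers>
  <userGroupProvider>
    <identifier>file-user-group-provider</identifier>
    <property name="Users File">./conf/users.xml</property>
    <property name="Initial User Identity 1">CN=username,OU=NIFI</property>
  </userGroupProvider>
  <accessPolicyProvider>
    <identifier>file-access-policy-provider</identifier>
    <property name="User Group Provider">file-user-group-provider</property>
    <property name="Initial Admin Identity">CN=username,OU=NIFI</property>
    <property name="Node Identity 1"></property>
  </accessPolicyProvider>
</authorizers>"""

IDENTITY_PREFIXES = ("Initial User Identity", "Initial Admin Identity")

def configured_identities(xml_text):
    """Return (provider identifier, property name, value) for each non-empty identity."""
    found = []
    for provider in ET.fromstring(xml_text):
        provider_id = provider.findtext("identifier", default="?")
        for prop in provider.findall("property"):
            name, value = prop.get("name", ""), prop.text or ""
            if name.startswith(IDENTITY_PREFIXES) and value.strip():
                found.append((provider_id, name, value))
    return found

def loose(dn):
    """Naive normal form (no escaped commas): trim around commas, fold case."""
    return ",".join(part.strip() for part in dn.split(",")).lower()

def compare_to_cert(xml_text, cert_dn):
    """Classify each configured identity against the DN read from the certificate."""
    report = []
    for provider_id, name, value in configured_identities(xml_text):
        if value == cert_dn:
            status = "exact"
        elif loose(value) == loose(cert_dn):
            status = "spacing-or-case-only"
        else:
            status = "mismatch"
        report.append((provider_id, name, status))
    return report

if __name__ == "__main__":
    for dn in ("CN=username,OU=NIFI", "CN=username, OU=NIFI"):  # constructed inputs
        print(repr(dn), compare_to_cert(AUTHORIZERS_XML, dn))
```

Pass the DN exactly as the certificate reports it; a "spacing-or-case-only" result means the two strings name the same subject but are not byte-identical.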



