I recently installed NiFi and, following this page: How To Create User Generated Keys for Securing Nifi, I created my root CA, server keystore, and user pk12 certs. I did install the user cert into my browser and configured nifi.properties as outlined.
When I start Nifi, the server starts up, everything looks fine in the nifi-app.log file and I see these lines:
INFO [main] JettyServer NiFi has started. The UI is available at the following URLs:
INFO [main] JettyServer http://myservernode1:8880/nifi
INFO [main] JettyServer https://myservernode1:9443/nifi
INFO [main] BootstrapListener Successfully initiated communication with Bootstrap
INFO [main] NiFi Controller initialization took 56125764984 nanoseconds.
INFO [main] JettyServer https://myservernode1:9443/nifi
However, when I attempt the https URL I get no response - the browser shows "can't establish a connection".
I have used tcpdump to ensure the requests are hitting the server and they are. Basically, I can see the requests coming over the NIC on port 9443 to the server.
I tried using curl in an attempt to better see if there was any response.
$ curl --insecure https://myservernode1:9443/nifi
curl: (7) Failed to connect to myservernode1 port 9443: Connection refused
I cannot find anything being logged (within the nifi logs directory or within /var/log) that would indicate what is not working.
iptables is turned off as is selinux.
Can anyone offer any suggestions on where I can look? Last time I did this was for Nifi 0.6 and everything worked wonderfully.
I appreciate any assistance.
Thank you,
-Marc
I should add that netstat shows a listener on 9443:
# netstat -peant | grep 9443
tcp 0 0 192.168.2.21:9443 0.0.0.0:* LISTEN 0 1815124 9347/java
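A check that follows from the netstat output above, added here as an example and not part of the original thread: the listener is bound to 192.168.2.21 rather than to a wildcard address, and a socket bound that way only accepts connections addressed to that IP. The function names and the `SAMPLE` variable are assumptions made for this sketch; `SAMPLE` is the listener line copied from the post.

```shell
#!/bin/sh
# Added example: decide whether a LISTEN socket in `netstat -peant` output
# would accept a connection to a given destination address and port.

# Sample input: the listener line shown in the post.
SAMPLE='tcp 0 0 192.168.2.21:9443 0.0.0.0:* LISTEN 0 1815124 9347/java'

# listener_covers NETSTAT_TEXT DEST_IP PORT
# Prints the matching local address and returns 0 when a LISTEN socket is
# bound to DEST_IP:PORT or to a wildcard address on PORT; returns 1 otherwise.
listener_covers() {
    printf '%s\n' "$1" | awk -v ip="$2" -v port="$3" '
        $6 == "LISTEN" {
            # Local address is column 4; the port follows the last colon.
            n = split($4, parts, ":")
            lport = parts[n]
            laddr = substr($4, 1, length($4) - length(lport) - 1)
            if (lport != port) next
            if (laddr == ip || laddr == "0.0.0.0" || laddr == "::" || laddr == "*") {
                print $4
                found = 1
            }
        }
        END { exit (found ? 0 : 1) }'
}

# check_addrs NETSTAT_TEXT PORT ADDR...
# Reports, for each address a client might connect to, whether a listener
# covers it. Returns 1 if any address has no listener.
check_addrs() {
    text=$1; port=$2; shift 2
    rc=0
    for addr in "$@"; do
        if bound=$(listener_covers "$text" "$addr" "$port"); then
            echo "$addr:$port -> accepted by listener on $bound"
        else
            echo "$addr:$port -> no listener, connect is refused"
            rc=1
        fi
    done
    return $rc
}

# Demo on the sample line. On the server itself, live input would be e.g.:
#   check_addrs "$(netstat -peant)" 9443 \
#       $(getent hosts myservernode1 | awk '{print $1}')
check_addrs "$SAMPLE" 9443 192.168.2.21 127.0.0.1 || true
```

If the name used in the URL resolves, on the machine running the browser or curl, to an address other than the one the listener is bound to, the refusal is expected even though the port shows as listening.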
Can you try in a different browser?
Also, can you verify if all is done as per the "Generate Client certificate" section of the article below:
Importing certificate into Firefox: https://blog.rosander.ninja/nifi/toolkit/tls/2016/09/19/tls-toolkit-intro.html
Thanks for the response Arti.
I did try with Chrome and Firefox. Also, I installed Nifi from the tar gzip; thus, it does not have Ambari running behind it.
I did successfully import the cert into Firefox and Chrome. I was familiar with the process from my initial install of Nifi 0.6 ~8 months ago.