Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Configuring NIFI over HTTPS

Highlighted

Configuring NIFI over HTTPS

Contributor

I recently installed NIFI and following this page: How To Create User Generated Keys for Securing Nifi I created my root CA, kerver keystore, and user pk12 certs. I did install the user cert into my browser and configured nifi.properties as outlined.

When I start Nifi, the server starts up, everything looks fine in the nifi-app.log file and I see these lines:

INFO [main] JettyServer NiFi has started. The UI is available at the following URLs: INFO [main] JettyServer http://myservernode1:8880/nifi
INFO [main] JettyServer https://myservernode1:9443/nifi
INFO [main] BootstrapListener Successfully initiated communication with Bootstrap
INFO [main] NiFi Controller initialization took 56125764984 nanoseconds.INFO [main] JettyServer https://myservernode1:9443/nifi

However, when I attempt the https URL I get no response - the browser shows "can't establish a connection".

I have used tcpdump to ensure the requests are hitting the server and they are. Basically, I can see the requests coming over the NIC on port 9443 to the server.

I tried using curl in an attempt to better see if there was any response.

$ curl --insecure https://myservernode1:9443/nifi
curl: (7) Failed to connect to myservernode1 port 9443: Connection refused

I cannot find anything being logged (within the nifi logs directory or within /var/log) that would indicate what is not working.

iptables is turned off as is selinux.

Can anyone offer any suggestions on where I can look? Last time I did this was for Nifi 0.6 and everything worked wonderfully.

I appreciate any assistance.

Thank you, -Marc

5 REPLIES 5

Re: Configuring NIFI over HTTPS

Contributor

I should add that netstat shows a listener on 9443:

# netstat -peant | grep 9443
tcp  0  0  192.168.2.21:9443  0.0.0.0:*  LISTEN  0  1815124  9347/java

Re: Configuring NIFI over HTTPS

Contributor

Hi @marksf,

Can you try in a different browser?

Also, can you verify if all is done as per "Generate Client certificate section" of below article :

https://community.hortonworks.com/articles/58009/hdf-20-enable-ssl-for-apache-nifi-from-ambari.html

Importing certificate into Firefox : https://blog.rosander.ninja/nifi/toolkit/tls/2016/09/19/tls-toolkit-intro.html

Re: Configuring NIFI over HTTPS

Contributor

Thanks for the response Arti.

I did try with Chrome and Firefox. Also, I installed Nifi from the tar gzip; thus, it does not have ambari running behind it.

I did successfully import the cert into firefox and chrome. I was familiar with the process from my initial install of Nifi 0.6 ~8 months ago.

Re: Configuring NIFI over HTTPS

Hi @marksf,

Could you provide the result of the following command:

openssl s_client -connect https://myservernode1:9443/nifi

Re: Configuring NIFI over HTTPS

Contributor

Hello @Pierre Villard, thank you for your response.

So this provides more info than I have seen thus far:

# openssl s_client -connect https://myservernode1:9443/nifi 
getaddrinfo: Servname not supported for ai_socktype 
connect:errno=0
Don't have an account?
Coming from Hortonworks? Activate your account here