Support Questions

Find answers, ask questions, and share your expertise

Configuring NIFI over HTTPS


I recently installed NIFI and following this page: How To Create User Generated Keys for Securing Nifi I created my root CA, kerver keystore, and user pk12 certs. I did install the user cert into my browser and configured as outlined.

When I start Nifi, the server starts up, everything looks fine in the nifi-app.log file and I see these lines:

INFO [main] JettyServer NiFi has started. The UI is available at the following URLs: INFO [main] JettyServer http://myservernode1:8880/nifi
INFO [main] JettyServer https://myservernode1:9443/nifi
INFO [main] BootstrapListener Successfully initiated communication with Bootstrap
INFO [main] NiFi Controller initialization took 56125764984 nanoseconds.INFO [main] JettyServer https://myservernode1:9443/nifi

However, when I attempt the https URL I get no response - the browser shows "can't establish a connection".

I have used tcpdump to ensure the requests are hitting the server and they are. Basically, I can see the requests coming over the NIC on port 9443 to the server.

I tried using curl in an attempt to better see if there was any response.

$ curl --insecure https://myservernode1:9443/nifi
curl: (7) Failed to connect to myservernode1 port 9443: Connection refused

I cannot find anything being logged (within the nifi logs directory or within /var/log) that would indicate what is not working.

iptables is turned off as is selinux.

Can anyone offer any suggestions on where I can look? Last time I did this was for Nifi 0.6 and everything worked wonderfully.

I appreciate any assistance.

Thank you, -Marc



I should add that netstat shows a listener on 9443:

# netstat -peant | grep 9443
tcp  0  0*  LISTEN  0  1815124  9347/java


Hi @marksf,

Can you try in a different browser?

Also, can you verify if all is done as per "Generate Client certificate section" of below article :

Importing certificate into Firefox :


Thanks for the response Arti.

I did try with Chrome and Firefox. Also, I installed Nifi from the tar gzip; thus, it does not have ambari running behind it.

I did successfully import the cert into firefox and chrome. I was familiar with the process from my initial install of Nifi 0.6 ~8 months ago.

Hi @marksf,

Could you provide the result of the following command:

openssl s_client -connect https://myservernode1:9443/nifi


Hello @Pierre Villard, thank you for your response.

So this provides more info than I have seen thus far:

# openssl s_client -connect https://myservernode1:9443/nifi 
getaddrinfo: Servname not supported for ai_socktype