Configuring NIFI over HTTPS

Contributor

I recently installed NIFI and, following this page: How To Create User Generated Keys for Securing Nifi, I created my root CA, server keystore, and user pk12 certs. I did install the user cert into my browser and configured nifi.properties as outlined.

When I start Nifi, the server starts up, everything looks fine in the nifi-app.log file and I see these lines:

INFO [main] JettyServer NiFi has started. The UI is available at the following URLs:
INFO [main] JettyServer http://myservernode1:8880/nifi
INFO [main] JettyServer https://myservernode1:9443/nifi
INFO [main] BootstrapListener Successfully initiated communication with Bootstrap
INFO [main] NiFi Controller initialization took 56125764984 nanoseconds.
INFO [main] JettyServer https://myservernode1:9443/nifi

However, when I attempt the https URL I get no response - the browser shows "can't establish a connection".

I have used tcpdump to ensure the requests are hitting the server and they are. Basically, I can see the requests coming over the NIC on port 9443 to the server.

I tried using curl in an attempt to better see if there was any response.

$ curl --insecure https://myservernode1:9443/nifi
curl: (7) Failed to connect to myservernode1 port 9443: Connection refused

I cannot find anything being logged (within the nifi logs directory or within /var/log) that would indicate what is not working.

iptables is turned off as is selinux.

Can anyone offer any suggestions on where I can look? Last time I did this was for Nifi 0.6 and everything worked wonderfully.

I appreciate any assistance.

Thank you, -Marc

5 REPLIES

Contributor

I should add that netstat shows a listener on 9443:

# netstat -peant | grep 9443
tcp  0  0  192.168.2.21:9443  0.0.0.0:*  LISTEN  0  1815124  9347/java

Contributor

Hi @marksf,

Can you try in a different browser?

Also, can you verify that everything is done as per the "Generate Client certificate" section of the article below:

https://community.hortonworks.com/articles/58009/hdf-20-enable-ssl-for-apache-nifi-from-ambari.html

Importing certificate into Firefox : https://blog.rosander.ninja/nifi/toolkit/tls/2016/09/19/tls-toolkit-intro.html

Contributor

Thanks for the response Arti.

I did try with Chrome and Firefox. Also, I installed Nifi from the tar gzip; thus, it does not have ambari running behind it.

I did successfully import the cert into firefox and chrome. I was familiar with the process from my initial install of Nifi 0.6 ~8 months ago.

Hi @marksf,

Could you provide the result of the following command:

openssl s_client -connect https://myservernode1:9443/nifi

Contributor

Hello @Pierre Villard, thank you for your response.

So this provides more info than I have seen thus far:

# openssl s_client -connect https://myservernode1:9443/nifi 
getaddrinfo: Servname not supported for ai_socktype 
connect:errno=0
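
Added example (not part of any post in this thread): `openssl s_client -connect` takes `host:port` rather than a URL, and the `getaddrinfo` message above is a local name/service lookup error, raised before any connection to the server is attempted. This shell sketch derives the `host:port` argument from a URL and checks whether a netstat LISTEN line, like the one posted earlier, covers the address the client actually connects to; the function names and the script name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not from NiFi or OpenSSL.

# Turn a URL such as https://myservernode1:9443/nifi into the host:port
# form that `openssl s_client -connect` expects (IPv6 literals not handled).
url_to_hostport() {
    rest=${1#*://}          # drop the scheme, if any
    rest=${rest%%/*}        # drop the path
    case $rest in
        *:*) printf '%s\n' "$rest" ;;
        *)   printf '%s:443\n' "$rest" ;;   # no port given: https default
    esac
}

# Succeed if the netstat LISTEN line in $1 accepts connections sent to
# IP $2 on port $3. Field 4 of netstat output is the local addr:port.
listener_covers() {
    addr=$(printf '%s\n' "$1" | awk '$6 == "LISTEN" { print $4 }')
    case $addr in
        "0.0.0.0:$3"|":::$3"|"$2:$3") return 0 ;;   # wildcard or exact bind
        *) return 1 ;;                              # bound to another address
    esac
}

# Run as: sh check_listener.sh https://myservernode1:9443/nifi
if [ "$#" -gt 0 ]; then
    hostport=$(url_to_hostport "$1")
    host=${hostport%:*} port=${hostport##*:}
    ip=$(getent hosts "$host" | awk '{ print $1; exit }')
    echo "$host resolves to ${ip:-<nothing>} on this machine"
    netstat -ant | grep ":$port " | while read -r l; do
        listener_covers "$l" "$ip" "$port" && echo "listener accepts $ip:$port: $l"
    done
    # TLS handshake test; </dev/null makes s_client exit after the handshake.
    openssl s_client -connect "$hostport" -servername "$host" </dev/null
fi
```

If no "listener accepts" line is printed, the name resolves to an address the Java process is not bound to, which produces "Connection refused" at the TCP level before any TLS or certificate handling happens.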