Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Enabling SSL for Nifi UI

Enabling SSL for Nifi UI

New Contributor

Hi guys,

I know this question has been answered before although none of the procedures/guides I have tried so far have been successful. I will list my attempts below:

Cluster Info - Ubuntu 14:

Ambari-2.5.2.0

HDP-2.6.2.14

HDF-3.0

hdf-ambari-mpack-3.0.1.1-5

Method 1 - Using the Nifi Toolkit to generate the required components:

Using the guide: https://bryanbende.com/development/2016/08/17/apache-nifi-1-0-0-authorization-and-multi-tenancy

I have then replaced the output files into the usr/hdf/current/nifi/conf folder

I have not followed the "Cluster Configuration" section as I have only 1 instance of Nifi. Which is already integrated into the Ambari cluster with the correct zookeeper settings already configured.

I have copied the same Authorizer settings as shown.

- In this example it shows Nifi auto-configuring to port 9443 on startup..no idea how that is set. Regardless when I attempt port 9091, I get nothing. Nifi is still running as http on port 9090.

Method 2 - Configuring the components manually:

Following this video tutorial: https://www.youtube.com/watch?v=7DM1ZuWmcAQ

I ran the following commands:

#: keytool -genkey -alias NifiTest -keyalg RSA -keysize 1024 -dname "CN=NiFi NifiTest, OU=SCC,O=SCC,L=Annapolis,S =Maryland,C=US" -keypass test1234 -keystore  NifiTest.jks -storepass test1234 -validity 360
#: keytool -importkeystore -srckeystore  NifiTest.jks -destkeystore NifiTest.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass test1234 -deststorepass test1234 -srcalias NifiTest -destalias NifiTest -srckeypass test1234 -destkeypass test1234 -noprompt
#: keytool -export -keystore  NifiTest.jks -storepass test1234 -alias NifiTest -file NifiTest.cer
#: keytool -import -trustcacerts -file NifiTest.cer -alias NifiTest -keystore truststore.jks -storepass test1234 -noprompt

and updated the following settings in Ambari - Nifi:

Keystore path: /usr/hdf/current/nifi/conf/NifiTest.jks

Keystore password: test1234

Keystore type: JKS

Truststore path: /usr/hdf/current/nifi/conf/truststore.jks

Truststore password: test1234

Truststore type: JKS

- I added the custom cert into my Firefox browser

Nifi still runs on http port 9090.

If I check "Enable SSL?" under "Advanced nifi-ambari-ssl-config. Nifi does not restart and is left with this error:

2018-04-24 10:51:15,160 - Generating NiFi Keystore and Truststore
2018-04-24 10:51:15,160 - File['/var/lib/ambari-agent/cache/common-services/NIFI/1.0.0/package/files/nifi-toolkit-1.2.0.3.0.1.1-5/bin/tls-toolkit.sh'] {'mode': 0755}
Command failed after 1 tries

It appears to be trying to re-generate what I have already generated.. Not sure how to proceed, any advice would be greatly appreicated.

Thanks,

Luka

Don't have an account?
Coming from Hortonworks? Activate your account here