Created 09-17-2018 10:41 AM
Hi , I have installed apache nifi on Linux and have also created the SSL certificates at the server level. I need to now do the same at the client level , basically import the certificates on Google Chrome so that my https UI can work. Does anyone have a step by step procedure on how to do this. I have checked on the net , I have got some information however it is far from perfect and am not sure how to go about it. Any help here will be greatly appreciated.
Created 09-17-2018 10:27 PM
Hi Abhinav,
If you used the NiFi TLS Toolkit to generate the server certificates, I would run the toolkit on the same Linux machine where you generated the server certificates with a command like below (see the TLS Toolkit section of the NiFi Admin Guide for more information, i.e. if you ran it in client/server mode originally, use that, etc.):
$ ./bin/toolkit-tls.sh standalone -C "CN=ajoshi, OU=Apache NiFi" -B passwordpassword
Populate the CN field with whatever you want to be your username for accessing NiFi and assigning permissions. Using the toolkit on the same machine (in the same directory) will use the NiFi CA that was previously generated, so everything will be signed by the correct keys. You will get two files as a result:
CN=abhinav_OU=Apache_NiFi.p12
CN=abhinav_OU=Apache_NiFi.password
The first is a PKCS12 keystore which you can import into your operating system keychain so Chrome will access it. The second is a text file containing the password you set (if you omit the -B
flag, it will randomly generate a strong password).
Copy the .p12
file to your client system and (I believe on Windows, double-clicking will work), import the client certificate into your keychain. See here for more specific per-browser instructions.
Created 09-18-2018 02:45 AM
Thanks @Andy LoPresto . I will go through this in detail and will revert once am successful. Thanks again for taking your time out and responding to this query.
Created 11-05-2018 04:10 PM
Hello @Abhinav Joshi and @Andy LoPresto
I wanna install minifi and i already installed NIFI.
The issue is minifi can't connect to nifi due to TLShandshake problem with nifi whom already hev a keystore.jks et truststore.jks.
Any suggesion
Thanks you in advance
Created 11-17-2018 10:01 AM
How did you generate your Certificates. I actually generated on the Nifi Linux machine using the command bin/tls-toolkit.sh standalone -n <<minifiserver>> -d 3650 and then ftped the keystore and truststore files over to the minifi server which was also a Linux machine.
How have you done it in your case