Hi , I have installed apache nifi on Linux and have also created the SSL certificates at the server level. I need to now do the same at the client level , basically import the certificates on Google Chrome so that my https UI can work. Does anyone have a step by step procedure on how to do this. I have checked on the net , I have got some information however it is far from perfect and am not sure how to go about it. Any help here will be greatly appreciated.
If you used the NiFi TLS Toolkit to generate the server certificates, I would run the toolkit on the same Linux machine where you generated the server certificates with a command like below (see the TLS Toolkit section of the NiFi Admin Guide for more information, i.e. if you ran it in client/server mode originally, use that, etc.):
$ ./bin/toolkit-tls.sh standalone -C "CN=ajoshi, OU=Apache NiFi" -B passwordpassword
Populate the CN field with whatever you want to be your username for accessing NiFi and assigning permissions. Using the toolkit on the same machine (in the same directory) will use the NiFi CA that was previously generated, so everything will be signed by the correct keys. You will get two files as a result:
The first is a PKCS12 keystore which you can import into your operating system keychain so Chrome will access it. The second is a text file containing the password you set (if you omit the
-B flag, it will randomly generate a strong password).
.p12 file to your client system and (I believe on Windows, double-clicking will work), import the client certificate into your keychain. See here for more specific per-browser instructions.
How did you generate your Certificates. I actually generated on the Nifi Linux machine using the command bin/tls-toolkit.sh standalone -n <<minifiserver>> -d 3650 and then ftped the keystore and truststore files over to the minifi server which was also a Linux machine.
How have you done it in your case