Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

How to create SSL certificates for Apache Nifi on Client / Windows

How to create SSL certificates for Apache Nifi on Client / Windows

Expert Contributor

Hi , I have installed apache nifi on Linux and have also created the SSL certificates at the server level. I need to now do the same at the client level , basically import the certificates on Google Chrome so that my https UI can work. Does anyone have a step by step procedure on how to do this. I have checked on the net , I have got some information however it is far from perfect and am not sure how to go about it. Any help here will be greatly appreciated.

@Shu @Matt Burgess @Matt Clarke

4 REPLIES 4

Re: How to create SSL certificates for Apache Nifi on Client / Windows

Hi Abhinav,

If you used the NiFi TLS Toolkit to generate the server certificates, I would run the toolkit on the same Linux machine where you generated the server certificates with a command like below (see the TLS Toolkit section of the NiFi Admin Guide for more information, i.e. if you ran it in client/server mode originally, use that, etc.):

$ ./bin/toolkit-tls.sh standalone -C "CN=ajoshi, OU=Apache NiFi" -B passwordpassword

Populate the CN field with whatever you want to be your username for accessing NiFi and assigning permissions. Using the toolkit on the same machine (in the same directory) will use the NiFi CA that was previously generated, so everything will be signed by the correct keys. You will get two files as a result:

  1. CN=abhinav_OU=Apache_NiFi.p12
  2. CN=abhinav_OU=Apache_NiFi.password

The first is a PKCS12 keystore which you can import into your operating system keychain so Chrome will access it. The second is a text file containing the password you set (if you omit the -B flag, it will randomly generate a strong password).

Copy the .p12 file to your client system and (I believe on Windows, double-clicking will work), import the client certificate into your keychain. See here for more specific per-browser instructions.

Re: How to create SSL certificates for Apache Nifi on Client / Windows

Expert Contributor

Thanks @Andy LoPresto . I will go through this in detail and will revert once am successful. Thanks again for taking your time out and responding to this query.

Re: How to create SSL certificates for Apache Nifi on Client / Windows

New Contributor

Hello @Abhinav Joshi and @Andy LoPresto

I wanna install minifi and i already installed NIFI.

The issue is minifi can't connect to nifi due to TLShandshake problem with nifi whom already hev a keystore.jks et truststore.jks.

Any suggesion

Thanks you in advance

Highlighted

Re: How to create SSL certificates for Apache Nifi on Client / Windows

Expert Contributor

HI @nisrine elloumi

How did you generate your Certificates. I actually generated on the Nifi Linux machine using the command bin/tls-toolkit.sh standalone -n <<minifiserver>> -d 3650 and then ftped the keystore and truststore files over to the minifi server which was also a Linux machine.

How have you done it in your case