Support Questions
Find answers, ask questions, and share your expertise

Nifi UI is not working after enabling CA cert

Versions: Ambari - 2.5.1, HDF -, Nifi - 1.2.0

In my setup, nifi is a part of cluster(Ambari). By default nifi is listening on 9091. Port is open.

	# netstat -tulnp|grep -i 9091
	tcp        0      0 xxxx:9091*                   LISTEN      7426/java

I've refered
but the solution is not working for me. (By changing port)

	INFO [main] org.apache.nifi.bootstrap.Command Apache NiFi is currently running, listening to Bootstrap on port 43781, PID=19882

Nifi services are running fine but Nifi UI is not working. Checked with same instance by lynx https://nifi-ip:9091 but it is not accessible.

Please suggest:

Output of /var/log/nifi/nifi-app.log

 INFO [Process Cluster Protocol Request-10] o.a.n.c.p.impl.SocketProtocolListener Finished processing request f5124041-e599-45af-8b47-117dfbfc91f0 (type=HEARTBEAT, length=3230 bytes) from ip-xxxx.ec2.internal:9091 in 140 millis
 INFO [Clustering Tasks Thread-1] o.a.n.c.c.ClusterProtocolHeartbeater Heartbeat created at 2017-09-12 11:54:51,923 and sent to ip-xxxx.ec2.internal:9088 at 2017-09-12 11:54:52,067; send took 143 millis
2017-09-12 11:54:53,410 INFO [Timer-Driven Process Thread-2] o.a.n.r.ambari.AmbariReportingTask AmbariReportingTask[id=3b80ba0f-a6c0-48db-b721-4dbc04cef28e] Successfully sent metrics to Ambari in 0 ms

Referred this article:
From this section:

3. Generate client certificate

But there is no config.json file created and also getting some java errors at below steps:

]#./files/nifi-toolkit-*/bin/  client -c xxxx -D 'CN=nifiadmin, OU=xxx' -p 10443 -t xxx -T pkcs12
Exception in thread "main" java.lang.UnsupportedClassVersionError: org/apache/nifi/toolkit/tls/TlsToolkitMain : Unsupported major.minor version 52.0
        at java.lang.ClassLoader.defineClass1(Native Method)
        at java.lang.ClassLoader.defineClass(
        at Method)
        at java.lang.ClassLoader.loadClass(
        at sun.misc.Launcher$AppClassLoader.loadClass(
        at java.lang.ClassLoader.loadClass(
        at sun.launcher.LauncherHelper.checkAndLoadMain(

There are two files available with.json

config-server.json and config-client.json but 'ketstorepassword' is not there. Also there is no correct hostname, CN and OU details.

~]# cat ./files/nifi-toolkit-
  "keyStore" : "clientKeyStore",
  "keyStoreType" : "jks",
  "token" : "myTestTokenUseSomethingStronger",
  "dn" : "CN=otherHostname,OU=NIFI",
  "port" : 8443,
  "caHostname" : "localhost",
  "trustStore" : "clientTrustStore",
  "trustStoreType" : "jks",
  "days" : 1095,
  "keySize" : 2048,
  "keyPairAlgorithm" : "RSA",
  "signingAlgorithm" : "SHA256WITHRSA"

NIFI UI is not accessible. getting below error from /var/log/nifi/nifi-user.log

2017-09-13 13:31:23,676 INFO [NiFi Web Server-87] o.a.n.w.a.c.AccessDeniedExceptionMapper CN=ip-10-248-14-236.ec2.internal, OU=NIFI does not have permission to access the requested resource. Unable to view the user interface. Returning Forbidden response.
; ;