Member since 12-29-2017 | 9 Posts | 0 Kudos Received | 0 Solutions
02-21-2019 10:39 PM
@Matt Clarke: Thank you for your detailed explanation!
02-21-2019 09:47 PM
@Matt Clarke: Thank you for pointing that out! I changed it and it did solve my problem. I'm able to view my dataflow right now. There is a warning in my browser saying the connection is not secured. What should I do next to make sure the connection is secured?
02-21-2019 08:53 PM
I'd like to turn on SSL mode for the NiFi UI. I have a single NiFi node which is running:
- HDF 3.1.2
- NiFi 1.5
This is what I have done:
- I used the TLS Toolkit (standalone mode) to generate the keystore/truststore and P12 file as instructed here: https://community.hortonworks.com/articles/58233/using-the-tls-toolkit-to-simplify-security.html
- I imported the above P12 into the browser on my laptop (note that my NiFi is running on a cloud server, not my laptop).
- I'm able to access the NiFi UI on the secured port but it shows an "Insufficient Permissions" error from the UI:
- I have tried deleting "authorizations.xml" and "users.xml" under "/var/lib/nifi/conf" before restarting NiFi but that doesn't help to resolve it.
Can anyone please help me figure out what I might be missing?
- I have attached the content of my "users.xml" and "authorizations.xml".
- This is the content of my authorizers.xml:
<authorizers>
<authorizer>
<identifier>file-provider</identifier>
<class>org.apache.nifi.authorization.FileAuthorizer</class>
<property name="Authorizations File">/var/lib/nifi/conf/authorizations.xml</property>
<property name="Users File">/var/lib/nifi/conf/users.xml</property>
<property name="Initial Admin Identity">CN=scarroll, OU=NIFI</property>
<property name="Legacy Authorized Users File"></property>
<!-- Provide the identity (typically a DN) of each node when clustered (see tool tip for detailed description of Node Identity). Must be specified when Ranger Nifi plugin will not be used for authorization. -->
<property name="CN=localhost, OU=NIFI"></property>
<!--
<property name="Node Identity 2"></property>
<property name="Node Identity 3"></property>
<property name="Node Identity 4"></property>
-->
</authorizer>
</authorizers>
- This is content of my P12 file (truncated, the one I imported to my browser) which contains 2 certificates:
keytool -list -v -keystore CN=scarroll_OU=NIFI.p12 -storetype PKCS12
Keystore type: PKCS12
Keystore provider: SunJSSE
Your keystore contains 1 entry
Alias name: nifi-key
Creation date: Feb 21, 2019
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=scarroll, OU=NIFI
Issuer: CN=localhost, OU=NIFI
Serial number: 16910e7d2b300000000
Valid from: Thu Feb 21 11:33:42 EST 2019 until: Sun Feb 20 11:33:42 EST 2022
Certificate fingerprints:...
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
Extensions:
....
Certificate[2]:
Owner: CN=localhost, OU=NIFI
Issuer: CN=localhost, OU=NIFI
Serial number: 16910e7c21e00000000
Valid from: Thu Feb 21 11:33:37 EST 2019 until: Sun Feb 20 11:33:37 EST 2022
Certificate fingerprints:...
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
- This is content of keystore (truncated) in my Nifi server:
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: nifi-key
Creation date: Feb 21, 2019
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=localhost, OU=NIFI
Issuer: CN=localhost, OU=NIFI
Serial number: 16910e7c84000000000
Valid from: Thu Feb 21 11:33:39 EST 2019 until: Sun Feb 20 11:33:39 EST 2022
Certificate fingerprints:...
Extensions:
...
Certificate[2]:
Owner: CN=localhost, OU=NIFI
Issuer: CN=localhost, OU=NIFI
Serial number: 16910e7c21e00000000
Valid from: Thu Feb 21 11:33:37 EST 2019 until: Sun Feb 20 11:33:37 EST 2022
Certificate fingerprints:
...
Signature algorithm name: SHA256withRSA
Version: 3
- This is content of truststore (truncated) in my Nifi server:
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: nifi-cert
Creation date: Feb 21, 2019
Entry type: trustedCertEntry
Owner: CN=localhost, OU=NIFI
Issuer: CN=localhost, OU=NIFI
Serial number: 16910e7c21e00000000
Valid from: Thu Feb 21 11:33:37 EST 2019 until: Sun Feb 20 11:33:37 EST 2022
Certificate fingerprints:
...
Version: 3
Extensions:
- users.xml:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<tenants>
<groups/>
<users>
<user identifier="fea243e2-c7e5-3a98-b666-f646700c4b89" identity="CN=scarroll, OU=NIFI"/>
</users>
</tenants>
Attachments: authorizations.xml, users.xml
Labels: Apache NiFi
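A consistency check over the files quoted in the post above, added here as an example; it is not part of the original thread and not NiFi code. It parses authorizers.xml and users.xml and compares the Initial Admin Identity with the Owner DN of the client certificate; the function name `check_file_authorizer` is hypothetical, the embedded strings are constructed from the post's listings, and exact string comparison of identities assumes no identity mapping is configured.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample input: authorizers.xml and users.xml as posted (comments dropped).
AUTHORIZERS_XML = """<authorizers>
  <authorizer>
    <identifier>file-provider</identifier>
    <class>org.apache.nifi.authorization.FileAuthorizer</class>
    <property name="Authorizations File">/var/lib/nifi/conf/authorizations.xml</property>
    <property name="Users File">/var/lib/nifi/conf/users.xml</property>
    <property name="Initial Admin Identity">CN=scarroll, OU=NIFI</property>
    <property name="Legacy Authorized Users File"></property>
    <property name="CN=localhost, OU=NIFI"></property>
  </authorizer>
</authorizers>"""
USERS_XML = """<tenants><groups/><users>
  <user identifier="fea243e2-c7e5-3a98-b666-f646700c4b89" identity="CN=scarroll, OU=NIFI"/>
</users></tenants>"""
CLIENT_CERT_OWNER = "CN=scarroll, OU=NIFI"  # "Owner:" of Certificate[1] in the P12 listing

# Property names that appear in the posted file, plus the "Node Identity N" pattern
# from its comment and commented-out entries.
KNOWN = {"Authorizations File", "Users File", "Initial Admin Identity",
         "Legacy Authorized Users File"}
NODE_ID = re.compile(r"Node Identity \S+$")

def check_file_authorizer(authorizers_xml, users_xml, client_dn):
    """Return a list of findings; an empty list means the three inputs agree."""
    findings = []
    props = {}
    for p in ET.fromstring(authorizers_xml).iter("property"):
        name = p.get("name", "")
        props[name] = p.text or ""
        if name not in KNOWN and not NODE_ID.match(name):
            findings.append(f"unrecognized property name: {name!r}")
    admin = props.get("Initial Admin Identity", "")
    if not admin:
        findings.append("Initial Admin Identity is empty")
    elif admin != client_dn:  # exact comparison (assumed): case and spacing differences count
        findings.append(f"admin {admin!r} != client certificate DN {client_dn!r}")
    identities = {u.get("identity") for u in ET.fromstring(users_xml).iter("user")}
    if client_dn not in identities:
        findings.append(f"{client_dn!r} has no entry in users.xml")
    return findings

if __name__ == "__main__":
    for finding in check_file_authorizer(AUTHORIZERS_XML, USERS_XML, CLIENT_CERT_OWNER):
        print("FINDING:", finding)
```
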