Hi Kirk DeMumbrane, In the below command, tls-toolkit.sh client -c servername.domain.com -D "CN=admin, OU=NIFI" -t nifi -p 10443 -T pkcs12 t is the CA Token, which shall be of minimum 16 characters. Cheers, Sarath Tammisetty. ... View more

Hi Matt, @Matt Clarke I am facing similar issue in my ambari cluster, which has only one node for now. This is a kerberos enabled cluster with realm name MASTER, and I have added a principal for nifi as nifiadmin@MASTER. I am enabling SSL and I am able to login to the SSL enabled nifi. But there I am facing the below issue " An unexpected error has occurred javax.net.ssl.SSLPeerUnverifiedException: Hostname master not verified: certificate: sha256/OeYwuYhOAaTVnMMLvGSCJZU= DN: CN=nifiadmin@MASTER, OU=NIFI, O=SELF, L=CN, ST=TN, C=IN subjectAltNames: [] " So I have tried the above steps mentioned by you here, 1. curl 'https://<nifihostname>:<port>/nifi-api/access/token' --data 'username=<username>&password=<password>' -k Gave me string of characters as mentioned by you. 2. token="$(curl 'https://<nifihostname>:<port>/nifi-api/access/token' --data 'username=<username>&password=<password>' -k)" This was also successful. 3. curl 'https://<nifihostname>:<port>/nifi-api/flow/current-user' -H "Authorization: Bearer $token" -k Here it failed saying the below: javax.net.ssl.SSLPeerUnverifiedException: Hostname master not verified: certificate: sha256/OeYwuYhOAaTVnMMLvGSCJZU= DN: CN=nifiadmin@MASTER, OU=NIFI, O=SELF, L=CN, ST=TN, C=IN subjectAltNames: [] Could you please help me to sort this out... Thanks in advance, Sarath. ... View more

Hi Matt, @Matt Clarke I have a ambari cluster with one node named master, I have enabled kerberos for this cluster with realm name as MASTER. Now I am trying to enable SSL for the NiFi service with the certificates generated using java tool kit(Cert has CN=nifiadmin@MASTER, OU=NIFI, O=SELF, L=CN, ST=TN, C=IN ). I have added a kerberos principal for the NiFi with name nifiadmin@MASTER. I am trying to give Initial admin identity as nifiadmin@MASTER and node identity as <property name="Node Identity 1">CN=master, OU=NIFI</property>. When I am opening NiFi from the quick links, I am able to login with nifiadmin@MASTER but after logging in I am facing the below issue " An unexpected error has occurred javax.net.ssl.SSLPeerUnverifiedException: Hostname master not verified: certificate: sha256/OeYw+uYhOAaVnMuPpgyqQFLuML= DN: CN=nifiadmin@MASTER, OU=NIFI, O=SELF, L=CN, ST=TN, C=IN subjectAltNames: [] " While looking in to the nifi-user.log I have found Authentication is successful, " INFO [NiFi Web Server-28] o.a.n.w.a.c.IllegalStateExceptionMapper java.lang.IllegalStateException: OpenId Connect is not configured.. Returning Conflict response. INFO [NiFi Web Server-338] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for nifiadmin@MASTER INFO [NiFi Web Server-338] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (<JWT token>) GET https://master:9091/nifi-api/flow/current-user INFO [NiFi Web Server-340] o.a.n.w.a.c.AccessDeniedExceptionMapper identity[anonymous], groups[none] does not have permission to access the requested resource. Unknown user with identity 'anonymous'. Returning Unauthorized response. " I am trying with various combinations but none of them are working, Could you please help me to sort out the issue. It will be very helpful. Thanks in advance, Sarath. ... View more