nifi-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bryan Rosander <brosan...@apache.org>
Subject Re: NiFi web ui not open after enabled auth
Date Wed, 08 Mar 2017 14:29:04 GMT
Hi Kumar,

I would suggest using NiFi's tls-toolkit in order to facilitate certificate
generation.  It can generate a Certificate Authority (to import into the
browser), keystore and truststore for NiFi as well as a client p12 file in
a single command.

You can get it from the NiFi download page as part of the nifi-toolkit.

If you run (replacing YOUR_HOSTNAME with your actual hostname):
bin/tls-toolkit.sh standalone -n YOUR_HOSTNAME -C 'CN=Kumar'

You should wind up with a YOUR_HOSTNAME directory containing a keystore,
truststore, nifi.properties as well as a p12 and password file for your
client certificate.  You'll want to import nifi-cert.pem into your browser
as a trusted CA so that it knows it can trust the server.

Thanks,
Bryan

On Wed, Mar 8, 2017 at 7:04 AM, kumar r <kumarccpp@gmail.com> wrote:

> Hi,
>
> Configured NiFi 1.1.1 version in windows.
>
> I have enabled client certificate auth with the following properties
>
> *nifi.properties*
>
>     nifi.web.war.directory=./lib
>     nifi.web.http.host=
>     nifi.web.http.port=
>     nifi.web.https.host=hostname
>     nifi.web.https.port=8080
>     nifi.web.jetty.working.directory=./work/jetty
>     nifi.web.jetty.threads=200
>
>     nifi.security.keystore=./conf/ssl/server.keystore
>     nifi.security.keystoreType=JKS
>     nifi.security.keystorePasswd=server_password
>     nifi.security.keyPasswd=server_keypassword
>     nifi.security.truststore=./conf/ssl/server.truststore
>     nifi.security.truststoreType=JKS
>     nifi.security.truststorePasswd=server_password
>     nifi.security.needClientAuth=true
>     nifi.security.user.authorizer=file-provider
>     nifi.security.user.login.identity.provider=
>     nifi.security.ocsp.responder.url=
>     nifi.security.ocsp.responder.certificate=
>
> *authorizers.xml*
>
>         <authorizer>
>             <identifier>file-provider</identifier>
>             <class>org.apache.nifi.authorization.FileAuthorizer</class>
>             <property name="Authorizations File">./conf/authorizations.
> xml</property>
>             <property name="Users File">./conf/users.xml</property>
>             <property name="Initial Admin Identity"></property>
>             <property name="Legacy Authorized Users
> File">./conf/authorized-users.xml</property>
>
>             <!-- Provide the identity (typically a DN) of each node when
> clustered, see above description of Node Identity.
>             <property name="Node Identity 1"></property>
>             <property name="Node Identity 2"></property>
>             -->
>         </authorizer>
>
> *authorized-users.xml*
>
>     <users>
>         <user dn="CN=Kumar">
>             <role name="ROLE_ADMIN"/>
>             <role name="ROLE_DFM"/>
>         </user>
>     </users>
>
> Followed generating server and client ssl certificates from
> http://unix.stackexchange.com/q/347116
>
> Everything was good. NiFi server started and got logs as UI is available
> in following URLs:
>
> https://hostname:8080/nifi
>
> But when i open UI in browser both in firefox and chrome, Nifi web url
> cannot open and it shows
>
> *Secure Connection Failed* in firefox and *This site can’t be reached* in
> chrome
>
> It didn't ask for client certificate.
>
> What i did wrong? How can i achieve this?
>
> http://stackoverflow.com/questions/42668838/nifi-web-
> ui-not-open-after-enabled-auth
>
> Help would be appreciated. Thanks in advance.
>
>

Mime
View raw message