Posted to dev@nifi.apache.org by Umasri Vullanki <uv...@softility.com.INVALID> on 2019/11/25 15:12:18 UTC

Not able to add SSL Certificates to Nifi Cluster

Hi Team,

For secure cluster setup,

-> Initially created a 2-node cluster with all the configurations and it
worked fine. So, I tried to add SSL certificates to it, for which I
downloaded nifi-toolkit and extracted it. Then, to generate the
certificates, I ran the following command on one of my servers.


Here nifi-1 and nifi-2 are hostnames of my servers.

./bin/tls-toolkit.sh standalone -n nifi-1,nifi-2 -K password -P password

-> After running the above command, these folders and files got generated

Files generated: truststore.jks, keystore.jks, nifi.properties,
nifi-cert.pem, nifi-key.key

[image: image.png]

-> So, moved nifi-2 folder, nifi-cert.pem and nifi-key.key to other servers
(cluster node)

-> Modified nifi-toolkit/nifi.properties and conf/nifi.properties, i.e. made
the contents of both files the same: added the certificates path, the
encrypted passwords and the cluster configurations on both nodes

-> Modified the authorizers.xml as follows:

-->

    <authorizer>
        <identifier>file-provider</identifier>
        <class>org.apache.nifi.authorization.FileAuthorizer</class>
        <property name="Authorizations File">./conf/authorizations.xml</property>
        <property name="Users File">./conf/users.xml</property>
        <property name="Initial Admin Identity">CN=admin, OU=NIFI</property>
        <property name="Legacy Authorized Users File"></property>
        <property name="Node Identity 1">CN=nifi-1, OU=NIFI</property>
        <property name="Node Identity 2">CN=nifi-2, OU=NIFI</property>
    </authorizer>

-> Now started the cluster on both nodes

We are getting the below error:

[image: image.png]

-> For this, we tried deleting the existing keys, generated new key pairs,
followed the same procedure and started the cluster, but even then we are
facing the same issue.



Thanks,
Uma Sri Vullanki
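
A check for the setup described above, as an added example that is not part of the original post or of the NiFi project: it compares the Node Identity entries in authorizers.xml with the DN expected for each hostname passed to `-n`. It assumes the `CN=<hostname>, OU=NIFI` form shown in the post and that NiFi compares identity strings literally (no identity mapping configured); the `BROKEN` variant and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Fragment as posted (the mail line wrap in "Authorizations File" repaired).
POSTED = """<authorizer>
  <identifier>file-provider</identifier>
  <class>org.apache.nifi.authorization.FileAuthorizer</class>
  <property name="Authorizations File">./conf/authorizations.xml</property>
  <property name="Users File">./conf/users.xml</property>
  <property name="Initial Admin Identity">CN=admin, OU=NIFI</property>
  <property name="Legacy Authorized Users File"></property>
  <property name="Node Identity 1">CN=nifi-1, OU=NIFI</property>
  <property name="Node Identity 2">CN=nifi-2, OU=NIFI</property>
</authorizer>"""

# Constructed variant: node 1 differs in case and spacing, node 2 is absent.
BROKEN = POSTED.replace("CN=nifi-1, OU=NIFI", "cn=nifi-1,OU=NIFI").replace(
    '<property name="Node Identity 2">CN=nifi-2, OU=NIFI</property>', "")

def canonical(dn):
    """Loose form used only to spot near misses: trims spaces, upper-cases keys.
    Naive comma split; fine for simple DNs without escaped commas."""
    pairs = (rdn.partition("=") for rdn in dn.split(","))
    return ",".join(f"{k.strip().upper()}={v.strip()}" for k, _, v in pairs)

def node_identities(xml_text):
    """Return the values of all 'Node Identity N' properties, in file order."""
    root = ET.fromstring(xml_text)
    return [(p.text or "").strip() for p in root.iter("property")
            if p.get("name", "").startswith("Node Identity")]

def check(xml_text, hostnames, suffix="OU=NIFI"):
    """Map each hostname to 'ok', 'near-miss' or 'missing'."""
    configured = node_identities(xml_text)
    loose = {canonical(dn) for dn in configured}
    result = {}
    for host in hostnames:
        expected = f"CN={host}, {suffix}"  # assumed DN form, as in the post
        if expected in configured:
            result[host] = "ok"
        elif canonical(expected) in loose:
            result[host] = "near-miss"  # same DN, different case or spacing
        else:
            result[host] = "missing"
    return result

if __name__ == "__main__":
    for label, xml_text in (("posted", POSTED), ("broken", BROKEN)):
        print(label, check(xml_text, ["nifi-1", "nifi-2"]))
```

A `near-miss` result means an entry names the same DN but differs in case or whitespace, which a literal string comparison treats as a different identity.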

Re: Not able to add SSL Certificates to Nifi Cluster

Posted by Nathan Gough <th...@gmail.com>.
Hi Uma,

Attached images do not come through to mailing lists. You will need to
post the error as text or send a URL to the image.

Nathan
