nifi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nathan Gough <thena...@gmail.com>
Subject Re: Not able to add SSL Certificates to Nifi Cluster
Date Mon, 25 Nov 2019 16:16:37 GMT
Hi Uma,

Attached images do not come through to mailing lists. You will need to
post the error as text or send a URL to the image.

Nathan

On Mon, Nov 25, 2019 at 10:39 AM Umasri Vullanki
<uvullanki@softility.com.invalid> wrote:

> Hi Team,
>
> For secure cluster setup,
>
> -> Initially created a 2-node cluster with all the configurations and it
> worked fine. So, I tried to add SSL certificates to it for which I have
> downloaded nifi-toolkit and extracted it. Then for generating
> certificates ran the following command on one of my servers.
>
>
> Here nifi-1 and nifi-2 are hostnames of my servers.
>
> ./bin/tls-toolkit.sh standalone -n nifi-1,nifi-2 -K password -P password
>
> -> After running the above command, these folders and files got generated
>
> Files generated: truststore.jks, keystore.jks, nifi.properties,
> nifi-cert.pem, nifi-key.key
>
> [image: image.png]
>
> ->So, moved nifi-2 folder, nifi-cert.pem and  nifi-key.key to other
> servers (cluster node)
>
> -> Modified nifi-toolkit/nifi.properties and conf/nifi.properties i.e.
> made both the contents of the file as same configurations added
> certifications path, given encrypted passwords and cluster configurations
> in both the nodes
>
> ->  Modified the authorizers.xml as follows:
>
> -->
>
>      <authorizer>
>
>         <identifier>file-provider</identifier>
>
>         <class>org.apache.nifi.authorization.FileAuthorizer</class>
>
>         <property name="Authorizations
> File">./conf/authorizations.xml</property>
>
>         <property name="Users File">./conf/users.xml</property>
>
>         <property name="Initial Admin Identity">CN=admin,
> OU=NIFI</property>
>
>         <property name="Legacy Authorized Users File"></property>
>
>         <property name="Node Identity 1">CN=nifi-1, OU=NIFI</property>
>
>         <property name="Node Identity 2">CN=nifi-2, OU=NIFI</property>
>
>     </authorizer>
>
> -> Now started the cluster in the both nodes
>
> We are getting the below error:
>
> [image: image.png]
>
> -> For this, we tried to delete the existing keys and generated the new
> key pairs and followed the same procedure and started the cluster, but even
> then we are facing the same issue.
>
>
>
> Thanks,
> Uma Sri Vullanki
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message