Unable to connect to my NiFi Registry over HTTPS - Your connection isn't private

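I have set up NiFi Registry on my Linux Ubuntu machine.

I used this command to generate the certificates.

    sudo ./tls-toolkit.sh standalone -n "xx.xx.xx.xx" -C "CN=sys_admin, OU=NIFI" -o target

xx.xx.xx.xx is my host IP.

The above command generates the following folder and certificates: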

    xx.xx.xx.xx (folder)
    CN=sys_admin_OU=NIFI.p12
    CN=sys_admin_OU=NIFI.password
    nifi-cert.pem
    nifi-key.key

The xx.xx.xx.xx folder contains the following files:

    keystore.jks
    nifi.properties
    truststore.jks

I copied keystore.jks and truststore.jks into the /opt/nifi-registry/conf directory.

I also copied the keystorepasswd, truststorepasswd and keypasswd values from the nifi-properties file and pasted them into nifi-registry-properties, as shown below:


    # security properties #

    nifi.registry.security.autoreload.interval=10 secs
    nifi.registry.security.keystore=./conf/keystore.jks
    nifi.registry.security.keystoreType=jks
    nifi.registry.security.keystorePasswd=5Nj2vk8ElO3KtSPrJnGBIO/qJcoZmccx1/0oRSQws/Q
    nifi.registry.security.keyPasswd=5Nj2vk8ElO3KtSPrJnGBIO/qhsgbmah75f0oRSQws/Q
    nifi.registry.security.truststore=./conf/truststore.jks
    nifi.registry.security.truststoreType=jks
    nifi.registry.security.truststorePasswd=iLUegD3fUzshndhb45djh45enzOdf54d5sbgdCO21es
    nifi.registry.security.needClientAuth=
    nifi.registry.security.authorizers.configuration.file=./conf/authorizers.xml
    nifi.registry.security.authorizer=managed-authorizer
    nifi.registry.security.identity.providers.configuration.file=./conf/identity-providers.xml
    nifi.registry.security.identity.provider=

I also made changes to the contents of the Authorizers.xml file, shown below.

    <userGroupProvider>
        <identifier>file-user-group-provider</identifier>
        <class>org.apache.nifi.registry.security.authorization.file.FileUserGroupProvider</class>
        <property name="Users File">./conf/users.xml</property>
        <property name="Initial User Identity 1">CN=sys_admin, OU=NIFI</property>
    </userGroupProvider>

    <accessPolicyProvider>
        <identifier>file-access-policy-provider</identifier>
        <class>org.apache.nifi.registry.security.authorization.file.FileAccessPolicyProvider</class>
        <property name="User Group Provider">file-user-group-provider</property>
        <property name="Authorizations File">./conf/authorizations.xml</property>
        <property name="Initial Admin Identity">CN=sys_admin, OU=NIFI</property>
        <property name="NiFi Group Name"></property>

        <!--<property name="NiFi Identity 1"></property>-->
    </accessPolicyProvider>

Then, after restarting my NiFi Registry, I tried to access it.

    https://<host-ip>:8443/nifi-registry

My browser shows:

**Your connection isn't private**
Attackers might be trying to steal your information from xx.xx.xx.xx (for example, passwords, messages, or credit cards).

NET::ERR_CERT_AUTHORITY_INVALID

This server couldn't prove that it's xx.xx.xx.xx; its security certificate is not trusted by your computer's operating system. This may be caused by a misconfiguration or an attacker intercepting your connection.

I also added the certificate to the Trusted Root Certificates, but I still get this. Can anyone help?

linux ssl ssl-certificate apache-nifi self-signed