I set up NiFi Registry on my Linux Ubuntu machine.
I used this command to generate the certificates.

```
sudo ./tls-toolkit.sh standalone -n "xx.xx.xx.xx" -C "CN=sys_admin, OU=NIFI" -o target
```

xx.xx.xx.xx is my host IP.
The above command generates the following folder and certificates:

```
xx.xx.xx.xx (folder)
CN=sys_admin_OU=NIFI.p12
CN=sys_admin_OU=NIFI.password
nifi-cert.pem
nifi-key.key
```

The xx.xx.xx.xx folder contains the following files:

```
keystore.jks
nifi.properties
truststore.jks
```

I copied keystore.jks and truststore.jks into the /opt/nifi-registry/conf directory.
I also copied the keystorepasswd, truststorepasswd and keypasswd values from the nifi-properties file and pasted them into nifi-registry-properties, as shown below:
```properties
# security properties #
nifi.registry.security.autoreload.interval=10 secs
nifi.registry.security.keystore=./conf/keystore.jks
nifi.registry.security.keystoreType=jks
nifi.registry.security.keystorePasswd=5Nj2vk8ElO3KtSPrJnGBIO/qJcoZmccx1/0oRSQws/Q
nifi.registry.security.keyPasswd=5Nj2vk8ElO3KtSPrJnGBIO/qhsgbmah75f0oRSQws/Q
nifi.registry.security.truststore=./conf/truststore.jks
nifi.registry.security.truststoreType=jks
nifi.registry.security.truststorePasswd=iLUegD3fUzshndhb45djh45enzOdf54d5sbgdCO21es
nifi.registry.security.needClientAuth=
nifi.registry.security.authorizers.configuration.file=./conf/authorizers.xml
nifi.registry.security.authorizer=managed-authorizer
nifi.registry.security.identity.providers.configuration.file=./conf/identity-providers.xml
nifi.registry.security.identity.provider=
```
I also modified the contents of the Authorizers.xml file, as below.
```xml
<userGroupProvider>
    <identifier>file-user-group-provider</identifier>
    <class>org.apache.nifi.registry.security.authorization.file.FileUserGroupProvider</class>
    <property name="Users File">./conf/users.xml</property>
    <property name="Initial User Identity 1">CN=sys_admin, OU=NIFI</property>
</userGroupProvider>
<accessPolicyProvider>
    <identifier>file-access-policy-provider</identifier>
    <class>org.apache.nifi.registry.security.authorization.file.FileAccessPolicyProvider</class>
    <property name="User Group Provider">file-user-group-provider</property>
    <property name="Authorizations File">./conf/authorizations.xml</property>
    <property name="Initial Admin Identity">CN=sys_admin, OU=NIFI</property>
    <property name="NiFi Group Name"></property>
    <!--<property name="NiFi Identity 1"></property>-->
</accessPolicyProvider>
```
Then, after restarting my NiFi-Registry, I tried to access it.
https://host-IP:8443/nifi-registry
My browser shows:
**Your connection isn't private**
Attackers might be trying to steal your information from xx.xx.xx.xx (for example, passwords, messages, or credit cards).
NET::ERR_CERT_AUTHORITY_INVALID
This server couldn't prove that it's xx.xx.xx.xx; its security certificate is not trusted by your computer's operating system. This may be caused by a misconfiguration or an attacker intercepting your connection.
I also added the certificate to the trusted root certificates, but I still get this. Can anyone help?
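
A diagnostic sketch for the two checks a browser makes in this setup, added here as an example and not part of the original post: does the served certificate chain to the anchor that was imported, and does it list the URL's IP as a subject alternative name. It builds throwaway stand-ins with `openssl` (in TLS Toolkit standalone output, `nifi-cert.pem` and `nifi-key.key` are the generated CA certificate and key). The address `192.0.2.10`, the file names and the helpers `make_ca`, `make_server`, `chain_ok` and `san_ok` are assumptions.

```shell
#!/bin/sh
# Added example: every file below is a constructed stand-in, created in a temp dir.
HOST_IP="192.0.2.10"   # assumption: documentation address in place of xx.xx.xx.xx
WORK=$(mktemp -d)

# Self-signed CA, standing in for the toolkit's nifi-cert.pem / nifi-key.key pair.
make_ca() {  # $1 = file prefix
    openssl req -newkey rsa:2048 -nodes -subj "/OU=NIFI/CN=constructed-$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
    printf 'basicConstraints=critical,CA:TRUE\n' > "$WORK/$1.ext"
    openssl x509 -req -in "$WORK/$1.csr" -signkey "$WORK/$1.key" -days 1 \
        -extfile "$WORK/$1.ext" -out "$WORK/$1.pem" 2>/dev/null
}

# Server certificate signed by CA $1, standing in for the entry inside keystore.jks.
make_server() {  # $1 = CA file prefix
    openssl req -newkey rsa:2048 -nodes -subj "/OU=NIFI/CN=$HOST_IP" \
        -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
    printf 'subjectAltName=IP:%s\n' "$HOST_IP" > "$WORK/server.ext"
    openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/$1.pem" \
        -CAkey "$WORK/$1.key" -CAcreateserial -days 1 \
        -extfile "$WORK/server.ext" -out "$WORK/server.pem" 2>/dev/null
}

# Check 1: does the certificate ($2) chain to this trust anchor ($1)?
chain_ok() { openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'; }

# Check 2: does the certificate ($1) list the URL's address ($2) as an IP SAN?
san_ok() { openssl x509 -in "$1" -noout -checkip "$2" 2>/dev/null | grep -q 'does match'; }

make_ca toolkit-ca      # the CA that actually signed the server certificate
make_ca other-ca        # an unrelated anchor, e.g. the wrong file imported as a root
make_server toolkit-ca

for anchor in toolkit-ca other-ca; do
    if chain_ok "$WORK/$anchor.pem" "$WORK/server.pem"; then
        echo "$anchor: chain verifies"
    else
        echo "$anchor: chain does NOT verify (browser: NET::ERR_CERT_AUTHORITY_INVALID)"
    fi
done
if san_ok "$WORK/server.pem" "$HOST_IP"; then
    echo "SAN covers $HOST_IP"
fi
```

Against a real install, pass `chain_ok` the toolkit's `nifi-cert.pem` and the server certificate exported from `keystore.jks` in PEM form, and pass `san_ok` the address used in the browser URL.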