Set up https for Grafana

Limiting Grafana access to only HTTPS connections requires providing a certificate.

Using a self-signed certificate for initial trials is possible. Self-signed certificates are not recommended for production environments. After your get your certificate, you must run a special setup command.

Log in to the host on which Grafana resides.
Browse to the Grafana configuration directory.
cd /etc/ambari-metrics-grafana/conf/

Locate your certificate.

If you want to create a temporary self-signed certificate, you can use this as an example:

openssl genrsa -out ams-grafana.key 2048
openssl req -new -key ams-grafana.key -out ams-grafana.csr
openssl x509 -req -days 365 -in ams-grafana.csr -signkey ams-grafana.key -out ams-grafana.crt

Set the certificate, key file ownership, and permissions so that they are accessible to Grafana.
```
chown ams:hadoop ams-grafana.crt
chown ams:hadoop ams-grafana.key
chmod 400 ams-grafana.crt 
chmod 400 ams-grafana.key
```
For a non-root Ambari user, use:
```
chmod 444 ams-grafana.crt
```
to enable the agent user to read the file.
In Ambari Web, browse to Services > Ambari Metrics > Configs.
Update the following properties in the Advanced ams-grafana-ini section:

protocol

https

cert_file

/etc/ambari-metrics-grafana/conf/ams-grafana.crt

cert-Key

/etc/ambari-metrics-grafana/conf/ams-grafana.key
In Configs, click Save.

Restart services, as prompted.