Community Articles
Find and share helpful community-sourced technical articles
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.
Labels (2)
New Contributor

MiNiFi C++ implemented the secure site to site raw socket transport using OpenSSL/TLS.

PR MINIFI-184: Add Security Support https://github.com/apache/nifi-minifi-cpp/commit/63dbb8241e851068bff54ab8cef8310cc4a22cb5 implemented the same

It is using both client and server certificate to do mutual authentication between client and server via OpenSSL/TLS.

Please look at http://bryanbende.com/development/2016/08/30/apache-nifi-1.0.0-secure-site-to-site about setting up the NiFi server site security configuration.

Before you start to configure MiNiFi C++, you need to have client certificate PEM file, client private key PEM file, client CA certificate PEM file, passphrase to the client certificate. Client certificate PEM file, client private key PEM file can be combined into a single PEM file.

You can use openssl tool to convert different certificates formats between PEM/PKCS, etc.

Modify conf/minifi.properties to add Site to Site secure setting

### Site2Site Security Configuration in minifi.properties

enable tls ssl

nifi.remote.input.secure=true

if you want to enable client certificate base authorization

nifi.security.need.ClientAuth=true

setup the client certificate and private key PEM files

nifi.security.client.certificate=./conf/client.pem

nifi.security.client.private.key=./conf/client.pem

setup the client private key passphrase file

nifi.security.client.pass.phrase=./conf/password

setup the client CA certificate file

nifi.security.client.ca.certificate=./conf/nifi-cert.pem

if you do not want to enable client certificate base authorization

nifi.security.need.ClientAuth=false

1,073 Views
Comments
Not applicable

Does anyone know of a similar sample --config.yml for the Java based version of Minifi?

New Contributor

For java MiNiFi, the secure config is the same as NiFi

Please look at http://bryanbende.com/development/2016/08/30/apache-nifi-1.0.0-secure-site-to-site about setting up the NiFi site to site security configuration.

Don't have an account?
Coming from Hortonworks? Activate your account here
Version history
Revision #:
1 of 1
Last update:
‎02-24-2017 03:34 PM
Updated by:
 
Contributors
Top Kudoed Authors