
MiNiFi C++ implements secure Site-to-Site over the raw socket transport using OpenSSL/TLS.

This was implemented in PR MINIFI-184: Add Security Support (https://github.com/apache/nifi-minifi-cpp/commit/63dbb8241e851068bff54ab8cef8310cc4a22cb5).

It uses both client and server certificates for mutual authentication between client and server via OpenSSL/TLS.

See http://bryanbende.com/development/2016/08/30/apache-nifi-1.0.0-secure-site-to-site for setting up the security configuration on the NiFi server.

Before you start configuring MiNiFi C++, you need a client certificate PEM file, a client private key PEM file, a client CA certificate PEM file, and the passphrase for the client certificate. The client certificate and the client private key can be combined into a single PEM file.

You can use the openssl tool to convert certificates between formats such as PEM and PKCS.

Modify conf/minifi.properties to add the Site-to-Site security settings.

### Site2Site Security Configuration in minifi.properties

```properties
# enable TLS/SSL
nifi.remote.input.secure=true
# if you want to enable client-certificate-based authorization
nifi.security.need.ClientAuth=true
# set up the client certificate and private key PEM files
nifi.security.client.certificate=./conf/client.pem
nifi.security.client.private.key=./conf/client.pem
# set up the client private key passphrase file
nifi.security.client.pass.phrase=./conf/password
# set up the client CA certificate file
nifi.security.client.ca.certificate=./conf/nifi-cert.pem
```

If you do not want to enable client-certificate-based authorization, set this instead:

```properties
nifi.security.need.ClientAuth=false
```
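A pre-flight check for the settings above, as an added example (not code from the article or from the MiNiFi project): it reads minifi.properties, confirms that each referenced file exists and holds the expected PEM block type (including the combined certificate-plus-key file), and flags a private key or passphrase file that group or other users can access. The `home` parameter, the last-duplicate-wins parsing, the permission check and the placeholder tree written by `write_sample` are assumptions of this example.

```python
import os
import re

# Property (as named in the article) -> (required PEM block type, holds a secret)
FILES = {"nifi.security.client.certificate": ("CERTIFICATE", False),
         "nifi.security.client.private.key": ("PRIVATE KEY", True),
         "nifi.security.client.pass.phrase": (None, True),
         "nifi.security.client.ca.certificate": ("CERTIFICATE", False)}
PEM_BEGIN = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")

def load_properties(path):
    """Parse key=value lines; '#' lines are comments; last duplicate wins (assumed)."""
    with open(path) as fh:
        pairs = [ln.split("=", 1) for ln in map(str.strip, fh)
                 if "=" in ln and not ln.startswith("#")]
    return {k.strip(): v.strip() for k, v in pairs}

def check_site2site(props_path, home="."):
    """Return a list of findings; an empty list means the files look consistent."""
    props, findings = load_properties(props_path), []
    if props.get("nifi.remote.input.secure", "").lower() != "true":
        return ["nifi.remote.input.secure is not true: TLS is not enabled"]
    for prop, (pem_type, secret) in FILES.items():
        path = os.path.join(home, props.get(prop, ""))
        if not os.path.isfile(path):
            findings.append(f"{prop}: not set or file not found")
            continue
        with open(path, errors="replace") as fh:
            labels = PEM_BEGIN.findall(fh.read())
        if pem_type and not any(label.endswith(pem_type) for label in labels):
            findings.append(f"{prop}: no {pem_type} block in file")
        if secret and os.stat(path).st_mode & 0o077:  # want owner-only, e.g. 0600
            findings.append(f"{prop}: accessible to group/others")
    return findings

def write_sample(home, mode=0o600):
    """Write a constructed conf/ tree: placeholder PEM bodies, no real key material."""
    pem = "-----BEGIN {0}-----\nconstructed\n-----END {0}-----\n".format
    names = ("client.pem", "client.pem", "password", "nifi-cert.pem")
    files = {"client.pem": pem("CERTIFICATE") + pem("ENCRYPTED PRIVATE KEY"),
             "password": "constructed\n", "nifi-cert.pem": pem("CERTIFICATE"),
             "minifi.properties": "nifi.remote.input.secure=true\n" + "".join(
                 f"{prop}=./conf/{name}\n" for prop, name in zip(FILES, names))}
    os.makedirs(os.path.join(home, "conf"), exist_ok=True)
    for name, body in files.items():
        with open(os.path.join(home, "conf", name), "w") as fh:
            fh.write(body)
        os.chmod(fh.name, mode)
    return os.path.join(home, "conf", "minifi.properties")
```

Call `check_site2site("conf/minifi.properties", home)` with `home` set to the directory the relative `./conf/...` paths are resolved against. The check only looks at PEM headers and file modes; it does not verify that the key matches the certificate or that the certificate chains to the CA.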

Comments
New Contributor

Does anyone know of a similar sample --config.yml for the Java based version of Minifi?

Explorer

For Java MiNiFi, the secure config is the same as NiFi.

Please look at http://bryanbende.com/development/2016/08/30/apache-nifi-1.0.0-secure-site-to-site about setting up the NiFi site to site security configuration.