Cloudera Community

Community Articles

Find and share helpful community-sourced technical articles.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

How to secure MiNiFi C++ site to site

Labels (2)
avatar
author-rank bqiu
Explorer

Created on ‎02-24-2017 03:34 PM

MiNiFi C++ implemented the secure site to site raw socket transport using OpenSSL/TLS.

PR MINIFI-184: Add Security Support https://github.com/apache/nifi-minifi-cpp/commit/63dbb8241e851068bff54ab8cef8310cc4a22cb5 implemented the same

It is using both client and server certificate to do mutual authentication between client and server via OpenSSL/TLS.

Please look at http://bryanbende.com/development/2016/08/30/apache-nifi-1.0.0-secure-site-to-site about setting up the NiFi server site security configuration.

Before you start to configure MiNiFi C++, you need to have client certificate PEM file, client private key PEM file, client CA certificate PEM file, passphrase to the client certificate. Client certificate PEM file, client private key PEM file can be combined into a single PEM file.

You can use openssl tool to convert different certificates formats between PEM/PKCS, etc.

Modify conf/minifi.properties to add Site to Site secure setting

### Site2Site Security Configuration in minifi.properties

enable tls ssl

nifi.remote.input.secure=true

if you want to enable client certificate base authorization

nifi.security.need.ClientAuth=true

setup the client certificate and private key PEM files

nifi.security.client.certificate=./conf/client.pem

nifi.security.client.private.key=./conf/client.pem

setup the client private key passphrase file

nifi.security.client.pass.phrase=./conf/password

setup the client CA certificate file

nifi.security.client.ca.certificate=./conf/nifi-cert.pem

if you do not want to enable client certificate base authorization

nifi.security.need.ClientAuth=false

3,759 Views
Comments

Re: How to secure MiNiFi C++ site to site

avatar
author-rank brian_hensel
New Contributor

Created on ‎02-28-2017 10:14 PM

Does anyone know of a similar sample --config.yml for the Java based version of Minifi?

Re: How to secure MiNiFi C++ site to site

avatar
author-rank bqiu
Explorer

Created on ‎03-01-2017 06:31 PM

For java MiNiFi, the secure config is the same as NiFi

Please look at http://bryanbende.com/development/2016/08/30/apache-nifi-1.0.0-secure-site-to-site about setting up the NiFi site to site security configuration.

Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements
Version history
Last update:
‎02-24-2017 03:34 PM
Updated by:
Explorer
Contributors