Created on 01-22-2020 02:18 PM - last edited on 01-22-2020 02:35 PM by ask_bill_brooks
How to Generate Certs to secure 3 node nifi cluster and configs
All, I am new to NiFi and have started securing NiFi.
Can someone share how to generate certs using the toolkit in standalone mode?
Do I need to generate certs on all nodes?
node1.xyz.com
node2.xyz.com
node3.xyz.com
I understand the Initial Admin Identity, but what is the Node Identity for the 3 nodes that I have to update in the authorizers.xml file?
Created 02-03-2020 08:08 PM
Hi @MattWho, one last question.
Since I have generated certs per hostname with the proper CN and SAN,
to configure the truststore, do I need to merge the truststore.jks files generated for both hosts, or can I use one truststore for both hosts?
sh /opt/nifi-toolkit-1.9.2/bin/tls-toolkit.sh standalone -B mypasswd -C 'CN=nifiadmin, OU=NIFI' -n 'ip-10-175-12x-xx.abc.com,ip-10-175-12x-xxx.abc.com' --nifiDnPrefix 'CN=' --nifiDnSuffix ', OU=NIFI' -o /tmp/certs_divya/ -K mypasswd -P mypasswd -S mypasswd
-rw-------. 1 root root 3437 Feb 3 04:46 CN=nifiadmin_OU=NIFI.p12
-rw-------. 1 root root 29 Feb 3 04:46 CN=nifiadmin_OU=NIFI.password
drwx------. 2 root root 71 Feb 3 04:46 ip-10-175-12x-xxx.abc.com
drwx------. 2 root root 71 Feb 3 04:46 ip-10-175-12x-xxx.abc.com
-rw-------. 1 root root 1200 Feb 3 04:46 nifi-cert.pem
-rw-------. 1 root root 1675 Feb 3 04:46 nifi-key.key
Created 02-04-2020 06:47 AM
Since all your certificates have been signed by the same CA, the truststore used by all nodes only needs to contain the public cert for that one CA.
Thanks,
Matt
Created 02-18-2020 07:36 PM
@MattWho really appreciate you for educating me on this. Thanks!