How to refresh webpage certificate for Nifi

Explorer

Hello, 
I need help renewing the validity of the web certificate for NiFi.

It is for localhost and NiFi 2.0.0-M4.

Please refer to the screenshot below.

Thanks & Regards,
Gaurav Mahajan 

1 ACCEPTED SOLUTION

Master Mentor

@Shrink 

Once your certificate has expired, you'll need to generate a new certificate.
From your image, it appears you are using the NiFi auto-generated out-of-the-box self-signed certificate?

There are multiple options:

  1. (Recommended) The auto-generated certificate is intended to be used for product evaluation. For extended use, and especially for production use, you should be using certificates signed by an internal company Certificate Authority (CA) or an external CA.
  2. You can manually create a new self-signed keystore and truststore as well.
    https://nifi.apache.org/nifi-docs/walkthroughs.html#manual-keystore

    To make life easier, I'd use the existing keystore.p12 and truststore.p12 filenames instead of the nifi1.p12 and trust.p12 used in the above documentation. I would also use the same password already used for the expired keystore.p12 and truststore.p12 files set in your nifi.properties file. That way, if you are using these keystore and truststore files in any NiFi dataflow controller services, you will not need to edit them.
  3. You could delete or rename the existing expired keystore.p12 and truststore.p12 files. Then edit the nifi.properties file to clear the keystore and truststore password values:

    nifi.security.keystorePasswd=
    nifi.security.keyPasswd=
    nifi.security.truststorePasswd=

    With the passwords cleared and the keystore.p12 and truststore.p12 files removed/renamed, NiFi will generate a new keystore.p12 and truststore.p12 using new randomly generated passwords. The downside here is that if you use the keystore and truststore anywhere in your dataflow, you'll need to update the password. Or you can use the Java keytool command to change the passwords to the password used previously. If you do this, you'll need to restart NiFi afterwards for NiFi to start using the new passwords you update in the nifi.properties file.

Please help our community grow. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped.

Thank you,
Matt
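
Option 2 from the answer above, sketched as an added example (not part of the original post and not the commands from the NiFi walkthrough): it rebuilds keystore.p12 and truststore.p12 under their existing names, reusing the passwords already set in nifi.properties. The alias names, the 365-day validity, the CN/SAN values for a localhost-only instance and the nifi-cert.pem file name are assumptions.

```shell
#!/usr/bin/env bash
# Added example: renew NiFi's self-signed stores in place (option 2 above).
# Assumed: alias names, 365-day validity, CN/SAN for a localhost-only instance.
# Usage after sourcing this file: renew_nifi_certs <path-to-nifi-conf-dir>

# Print the value of one key from a properties file (the value may contain '=').
prop_value() {
  sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r'
}

# renew_nifi_certs CONF_DIR: back up the expired stores, then create new ones.
renew_nifi_certs() {
  local conf="$1" props="$1/nifi.properties" ks_pw ts_pw stamp f
  ks_pw=$(prop_value "$props" nifi.security.keystorePasswd)
  ts_pw=$(prop_value "$props" nifi.security.truststorePasswd)
  if [ -z "$ks_pw" ] || [ -z "$ts_pw" ]; then
    echo "keystore/truststore password not set in $props" >&2; return 1
  fi
  command -v keytool >/dev/null || { echo "keytool (JDK) not found" >&2; return 2; }
  # Keep the expired files under a new name instead of deleting them.
  stamp=$(date +%Y%m%d%H%M%S)
  for f in keystore.p12 truststore.p12; do
    if [ -f "$conf/$f" ]; then mv "$conf/$f" "$conf/$f.expired-$stamp"; fi
  done
  # Passwords go through the environment (:env) so they never appear in argv.
  KS_PW="$ks_pw" keytool -genkeypair -alias nifi-key -keyalg RSA -keysize 4096 \
      -validity 365 -dname "CN=localhost" -ext "SAN=dns:localhost,ip:127.0.0.1" \
      -keystore "$conf/keystore.p12" -storetype PKCS12 \
      -storepass:env KS_PW -keypass:env KS_PW || return 3
  KS_PW="$ks_pw" keytool -exportcert -alias nifi-key -rfc -file "$conf/nifi-cert.pem" \
      -keystore "$conf/keystore.p12" -storetype PKCS12 -storepass:env KS_PW || return 3
  # The truststore holds only the public certificate, under its own password.
  TS_PW="$ts_pw" keytool -importcert -alias nifi-cert -noprompt \
      -file "$conf/nifi-cert.pem" -keystore "$conf/truststore.p12" \
      -storetype PKCS12 -storepass:env TS_PW || return 3
  # Only the account running NiFi should be able to read the private key.
  chmod 600 "$conf/keystore.p12" "$conf/truststore.p12"
}
```

NiFi has to be restarted to load the new stores, and browsers will prompt again because the new self-signed certificate has a different fingerprint.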

Explorer

Thank you @MattWho.

I tried the third option first, but it was not working on my side. NiFi shuts down saying no keystore file found.

But the second option works well for me.
Thanks,

I have also found the article below, which explains how to change the certificate:
https://www.linkedin.com/pulse/configuring-ssltls-authentication-apache-nifi-dhruv-sahu/

https://www.youtube.com/watch?v=9F6DnsD8TSo