Support Questions
Find answers, ask questions, and share your expertise

Nifi Security Clarification

Hi all,

I have recently implemented LDAP for Nifi (works fine) - the problem is it is still using its own CA for certificates and presents the "This connection is not secure" message.

Is it possible to create company signed certs to be used by Nifi although NOT for authorisation purposes?

I have followed this guide and have been able to generate my own certs but these were used for authorisation and not as standard "web certificate"

https://community.hortonworks.com/content/supportkb/151106/nifi-how-to-create-your-own-certs-for-sec...

In short - How can I achieve Nifi LDAP while using a company signed cert?

Thanks,

3 REPLIES 3

Expert Contributor

Yes, you can and should use company signed certs. Ask your company/Admins/infoSec to give you truststore and keystore jks files with passwords. Add these files in nifi.properties along with password. Restart Nifi.

Hi @Umair Khan
I am getting this error when using CA signed certs:

o.a.n.c.c.node.NodeClusterCoordinator Failed to determine which node is elected active Cluster Coordinator: ZooKeeper reports the address as F.Q.D.N:9088, but there is no node with this address. Attempted to determine the node's information but failed to retrieve its information due to org.apache.nifi.cluster.protocol.ProtocolException: Failed to request Node Identifer from F.Q.D.N:9088


Hi @Umair Khan, do you have any guides on how to create the truststores/keystores specifically for Nifi? I have tried with my team although Nifi does not accept the new stores..

; ;