Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

secured nifi cluster must import a cert to browser? is it necessary?

Solved Go to solution

secured nifi cluster must import a cert to browser? is it necessary?

New Contributor

hi i'm using nifi 1.8.0(just nifi.. ), 3-node cluster, and secured.

is it necessary to import a cert to browser when nifi is secured?

i make a cert(keystore, truststore.. etc) with tls-toolkit.

and i wanna connect from many other computer to my nifi cluster, without cert!!!(authentication will be set by ldap.. probably)

i heard old version of nifi, it has a property nifi.security.needClientAuth. but my version, not.

So, i want secured cluster. and connect from many other computer(multi users) without cert ( https:// ~/nifi/login ), and login(authentication) with ldap!

am i miss-understanding? imported a cert to browser is required step for secured cluster?

is it necessary many other users have a cert to connect to my nifi server? i should be publishing a cert to users?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: secured nifi cluster must import a cert to browser? is it necessary?

Super Collaborator

Hi @hr pyo

This really depends and you will have to understand authentication with SSL to get all the details.

I am trying this in short here:
If you use self signed certificates or you sign the certificates by your own CA, you will experience browser warnings about unsecure connections. This means each time the user has to confirm he want to continue, until you install either the certificate of the server or the CA into the browser.

Anyway there are preinstalled 'root ca' in every browser. So if you get your certificate signed by one of those root cas you don't have to install the certificate itself. Due to the chain of trust the browser accepts the signed certificate without further steps needed. To get a free of charge signed certificate you can use 'Let's encrypt'.

In a enterprise level, you usually have an enterprise ca, that gets installed on all enterprise machines, and you let your certificate get signed by your enterprise ca.

Regards
Harald

2 REPLIES 2

Re: secured nifi cluster must import a cert to browser? is it necessary?

Super Collaborator

Hi @hr pyo

This really depends and you will have to understand authentication with SSL to get all the details.

I am trying this in short here:
If you use self signed certificates or you sign the certificates by your own CA, you will experience browser warnings about unsecure connections. This means each time the user has to confirm he want to continue, until you install either the certificate of the server or the CA into the browser.

Anyway there are preinstalled 'root ca' in every browser. So if you get your certificate signed by one of those root cas you don't have to install the certificate itself. Due to the chain of trust the browser accepts the signed certificate without further steps needed. To get a free of charge signed certificate you can use 'Let's encrypt'.

In a enterprise level, you usually have an enterprise ca, that gets installed on all enterprise machines, and you let your certificate get signed by your enterprise ca.

Regards
Harald

Re: secured nifi cluster must import a cert to browser? is it necessary?

New Contributor

this is really what i wanna know !! thanks!!!!!!!!!!

Don't have an account?
Coming from Hortonworks? Activate your account here