Created on 10-05-201502:43 PM - edited 08-17-201902:22 PM
Note: I used TinyCert to generate my own certificate authority and certificates. Probably the easiest way to generate new certificates
Create your own certificate authority. Fill in your own values.
Create 2 new certificates. One is your client certificate (in this case, bbukacek) and a server certificate which will be used for the NiFi keystore.
Download the certificate authority, the client and server certificates and upload to your NiFi environment.
Note: Easiest way is to download the client and server certificates in PKCS12 formatCreate a TrustStore
We will use the certificate authority to create the TrustStore. Use the following syntax to create the TrustStore:
> keytool -import -file <ca_file>.pem -alias cacert -keystore truststore.jks -storepass <password>Configure NiFi
Now that the TrustStore is created we can configure NiFi Keystore and TrustStore.
Under $NIFI_HOME/conf, open the nifi.properties.
Set the web properties
First and this important, unset the property nifi.web.http.port since once the configuration is completed will be communicating with NiFi over SSL.
Set the following web properties:
nifi.web.https.port=<port> :: Typically 8443, but pick a port
Configure the Keystore
To configure the keystore we will be using the server certificate that was downloaded. Put the certificate in a location that can be referenced for the property. For the keystore there are 3 properties to set.
Configure the TrustStore
To configure the TrustStore we will use the TrustStore that we created above. Again, put the certificate in a location that can be reference for the property. For the truststore there are 3 properties to set.