Within KeyStore Explorer, right click and “Generate Key Pair” to create a new certificate, or import an existing certificate to use as your Certificate Authority. Once created, save a copy of this keystore (file > save as) and place it in a folder on the NiFi server.

Creating a truststore, which contains the above CA certificate

A truststore allows an application (in this case NiFi) to determine if a client certificate should be trusted or not. This is typically used for client side TLS authentication (elasticsearch beats use this model, for example). In our case, any certificate signed by the CA should be trusted.

In order to create a truststore, we must first export the CA certificate we just created above. To do so, right click on the certificate and export the certificate chain:

Ensure that PEM is selected and save the certificate:

Transfer the file to a directory on the NiFi server as before. Open a command prompt as root and issue the following commands:

cd <directory containing the certificate>
keytool -import -v -trustcacerts -alias <alias> -file <certificate>.cer -keystore truststore.ts

Configure NiFi to use the CA certificate and truststore

At this point we should have both the keystore and a truststore in the directory. Configure NiFi to listen for traffic and accept only encrypted traffic by using the HandleHTTPRequest processor:

All values can remain as per default, except for “port”, which should be configured to a sane port number; the HTTP Context Map, for which a default one should be created; and the “SSL Context Service”, for which you can select “Create new service…” from the drop down, which will show the following:

Everything can be left as per default; click on “create”. This will create the SSL context service, which you can configure by clicking on the small arrow beside it:
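For the truststore step described above, a check worth running before pointing the SSL Context Service at the file, as an added example that is not part of the original post: it imports the CA certificate non-interactively, then confirms the store holds only trusted-certificate entries and no private key, so the CA keystore is never deployed in the truststore's place. The function names, their arguments and the `-noprompt`/`-storepass` options are assumptions added for scripting.

```bash
#!/bin/sh
# Added example (not from the original post). Function names and arguments
# are hypothetical; only standard keytool options are used.

# import_ca <ca-cert-file> <truststore> <alias> <storepass>
# Same import as the keytool command above, made non-interactive with
# -noprompt and -storepass so it can run from a script.
import_ca() {
  keytool -importcert -noprompt -trustcacerts \
    -alias "$3" -file "$1" -keystore "$2" -storepass "$4" >/dev/null 2>&1
}

# check_truststore <store> <storepass>
# Prints "trusted=N private=M" and returns 0 only when the store has at
# least one trusted certificate and no private key entries. A
# PrivateKeyEntry means the keystore holding the CA key pair was supplied
# instead of the truststore. Returns 2 if the store cannot be read.
# Assumes keytool prints its entry types in English.
check_truststore() {
  ct_listing=$(keytool -list -keystore "$1" -storepass "$2" 2>/dev/null) || return 2
  ct_trusted=$(printf '%s\n' "$ct_listing" | grep -c 'trustedCertEntry' || true)
  ct_private=$(printf '%s\n' "$ct_listing" | grep -c 'PrivateKeyEntry' || true)
  echo "trusted=$ct_trusted private=$ct_private"
  [ "$ct_trusted" -ge 1 ] && [ "$ct_private" -eq 0 ]
}
```

Call `import_ca` with the exported certificate file, then `check_truststore truststore.ts <password>`; a non-zero return means the file should not be configured as the truststore.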