If you are using the NiFi Certificate Authority (CA), you must perform as series of
activities to ensure that your certificate credentials are correctly propagated after
upgrade.
| Important |
---|
Performing these steps requires
regeneration of keystores and truststores. If you have added additional keystore or
truststore certificates, you must manually re-add these certificates after you force
regenerate certificates. |
.
-
Ensure that your admin token is greater than or equal to
16 characters. If it is less, you can reset it with a value of 16 or more
characters.
- In the Ambari UI, select the NiFi configs tab and
search for the nifi.toolkit.tls.token in the
Advanced nifi-ambari-ssl-config section.
- Enter a new token value with 16 or more characters.
- Enable NiFi CA Force Regeneration to enforce
creating a new certificate.
- Save your configuration.
-
If you are using key, keystore, and truststore passwords that are
auto-generated rather than stored in Ambari, you must provide a 16 character
password in the Ambari UI to ensure credentials are not lost during upgrade.
From the NiFi configs tab, specify values for the
following fields and save your configuration.
- Set the Keystore password in
nifi.security.keystorePasswd.
- Set the Key password in
nifi.security.keyPasswd.
| Note |
---|
This value must
match the Keystore password. |
- Set the Truststore password in
nifi.security.truststorePasswd.
-
If you are using a secured NiFi Registry with the NiFi CA and auto-generated
key, keystore, and truststore passwords, you must provide a 16 character in the
Ambari UI. From the NiFi Registry configs tab, specify
values for the following fields and save your configuration.
- Set the Keystore password in
nifi.security.keystorePasswd.
- Set the Key password in
nifi.security.keyPasswd.
| Note |
---|
This value must
match the Keystore password. |
- Set the Truststore password in
nifi.security.truststorePasswd.
-
Regenerate your certificates by restarting NiFi and NiFi Registry.
-
Deselect NiFi CA Force Regeneration and save this
configuration.