NiFi Authentication

Enabling SSL with Existing Certificates

If you want to enable SSL with existing certificates, and plan to use Ranger for authorization:

  1. Check the Enable SSL? box.
  2. Set Keystore path, Keystore password, and Keystore type values.

    The keystore path is similar to: /etc/security/nifi-certs/keystore.jks

  3. Set the Truststore path, Truststore password, and Truststore type values.

    The truststore path is similar to: /etc/security/nifi-certs/truststore.jks

  4. Check Clients need to authenticate? if you want to ensure that nodes in the cluster are authenticated and are required to present certificates that are trusted by the truststore.

If you want to enable SSL with existing certificates, and are not yet using Ranger for authorization:
  1. Check the Enable SSL? box.
  2. Set Keystore path, Keystore password, and Keystore type values.

    The keystore path is similar to: /etc/security/nifi-certs/keystore.jks

  3. Set the Truststore path, Truststore password, and Truststore type values.

    The truststore path is similar to: /etc/security/nifi-certs/truststore.jks

  4. Check Clients need to authenticate? to ensure that nodes in the cluster are authenticated and are required to present certificates that are trusted by the truststore.
  5. Specify the Initial Admin Identity. The Initial Admin Identity is the identity of an initial administrator and is granted access to the UI and has the ability to create additional users, groups, and policies. This is a required value when you are not using the Ranger plugin for NiFi for authorization.

    The Initial Admin Identity is a certificate subject DN, for example CN=admin, OU=NIFI. NiFi compares this value with the subject DN of the presented client certificate as a string, so the two must match exactly, including case, spacing, and attribute order.

    After you have added the Initial Admin Identity, you must immediately generate a client certificate for this user whose subject DN matches the identity you configured.

  6. Specify the Node Identities. Each value is the subject DN of one node's certificate and allows clustered nodes to authenticate to each other. This is a required value when you are not using the Ranger plugin for NiFi for authorization.
    <property name="Node Identity 1">CN=node1.fqdn, OU=NIFI</property>
    <property name="Node Identity 2">CN=node2.fqdn, OU=NIFI</property>
    <property name="Node Identity 3">CN=node3.fqdn, OU=NIFI</property>

    Replace node1.fqdn, node2.fqdn, and node3.fqdn with their respective fully qualified domain names. Each value must match the subject DN in that node's keystore certificate exactly; a node whose DN differs in case or spacing is treated as an unknown user and will be denied.
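The most common failure after completing the steps above is an identity string that does not match the certificate's subject DN character for character. The following added example (not code from the original page or from the NiFi project) checks a list of certificate subject DNs against the configured Initial Admin Identity and Node Identity values, reports exact matches, near misses (same DN apart from case or spacing, which NiFi still rejects), and unknown subjects, and renders the Node Identity property lines from a list of FQDNs. All DNs, FQDNs and the `OU=NIFI` organisational unit are constructed sample input; in practice you would paste the subject lines printed by `keytool -list -v -keystore /etc/security/nifi-certs/keystore.jks`.

```python
"""Check configured NiFi identities against certificate subject DNs.

Added example, not part of the original page. NiFi matches the subject DN of a
client certificate against the Initial Admin Identity and Node Identity values
as a plain string, so a difference in case, spacing or attribute order turns a
valid certificate into an unknown user. All DNs below are constructed samples.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample of the values entered in the Ambari configuration.
INITIAL_ADMIN_IDENTITY = "CN=admin, OU=NIFI"
NODE_IDENTITIES = {
    "Node Identity 1": "CN=node1.fqdn, OU=NIFI",
    "Node Identity 2": "CN=node2.fqdn, OU=NIFI",
    "Node Identity 3": "CN=node3.fqdn, OU=NIFI",
}
ALL_IDENTITIES = {"Initial Admin Identity": INITIAL_ADMIN_IDENTITY, **NODE_IDENTITIES}

# Constructed sample of subject DNs as read from the node and admin certificates.
CERT_SUBJECTS = [
    "CN=admin, OU=NIFI",        # exact match
    "CN=node1.fqdn, OU=NIFI",   # exact match
    "CN=node2.fqdn,OU=NIFI",    # missing space after the comma: near miss
    "CN=Node3.fqdn, OU=nifi",   # case differs: near miss
    "CN=node4.fqdn, OU=NIFI",   # not configured at all: unknown
]


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split an RFC 2253 style DN into (attribute, value) pairs.

    Commas escaped with a backslash are part of a value, not separators.
    Attribute names are upper-cased; values keep their case.
    """
    pairs = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.partition("=")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs


def canonical(dn: str) -> str:
    """Normalised form used only to detect near misses; NiFi itself does not do this."""
    return ",".join(f"{attr}={value.lower()}" for attr, value in parse_dn(dn))


def classify(subject: str, configured: Dict[str, str]) -> Tuple[str, str]:
    """Return (status, configured_name) for one certificate subject DN.

    status is 'exact' when NiFi would accept the subject as that identity,
    'near_miss' when only case or spacing differs (NiFi rejects it, but the
    fix is a one-line edit), and 'unknown' when no configured identity is close.
    """
    for name, identity in configured.items():
        if subject == identity:
            return "exact", name
    for name, identity in configured.items():
        if canonical(subject) == canonical(identity):
            return "near_miss", name
    return "unknown", ""


def check_all(subjects: List[str], configured: Dict[str, str]) -> Dict[str, Tuple[str, str]]:
    """Classify every subject DN; callers can fail the rollout on any non-exact result."""
    return {subject: classify(subject, configured) for subject in subjects}


def node_identity_properties(fqdns: List[str], ou: str = "NIFI") -> List[str]:
    """Render the Node Identity property lines in the page's format, numbered from 1."""
    return [
        f'<property name="Node Identity {i}">CN={fqdn}, OU={ou}</property>'
        for i, fqdn in enumerate(fqdns, start=1)
    ]


if __name__ == "__main__":
    for subject, (status, name) in check_all(CERT_SUBJECTS, ALL_IDENTITIES).items():
        print(f"{status:9} {subject!r}" + (f"  (configured as {name}: {ALL_IDENTITIES[name]!r})" if name else ""))
    print("\n".join(node_identity_properties(["node1.fqdn", "node2.fqdn", "node3.fqdn"])))
```

Run it once before restarting NiFi: any `near_miss` line tells you which configured value to retype so that it equals the certificate's subject DN, and any `unknown` line is a certificate for which no identity was entered at all. The near-miss detection is a convenience for the operator; it deliberately does not model NiFi's identity-mapping patterns, which can be configured to normalise DNs on the server side.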