In order to facilitate the secure setup of NiFi, you can use the
tls-toolkit command line utility to automatically generate the required keystores, truststore, and relevant configuration files. This is especially useful for securing multiple NiFi nodes, which can be a tedious and error-prone process.
Please note that there are new requirements for trusted certificates in macOS 10.15. Details can be found here, but of particular importance is that all TLS server certificates issued after July 1, 2019 must have a validity period of 825 days or less.