Configuring TLS/SSL encryption manually for NiFi and NiFi Registry

If you do not want to enable Auto-TLS because for example, you need to use your own enterprise-generated certificates, you can manually enable TLS for NiFi and NiFi Registry.

Ensure you have set up TLS for Cloudera Manager:

  1. Review the requirements and recommendations for the certificates. See TLS Certificate Requirements and Recommendations.
  2. Generate the TLS certificates and configure Cloudera Manager. See Manually Configuring TLS for Cloudera Manager.
  1. From Cloudera Manager, click Cluster > NiFi.
  2. Click the Configuration tab.
  3. Enter ssl in the Search field.
    The TLS/SSL Security properties for NiFi appear.
  4. Edit the TLS/SSL Security properties.
  5. Click Save Changes.
  6. Restart the NiFi service.
  7. Click Cluster > NiFi Registry and repeat these steps to configure the TLS/SSL Security properties for NiFi Registry.

    If a property is not exposed in Cloudera Manager, use a safety valve to override the associated value.