NiFi Registry TLS/SSL properties

To enable and configure TLS manually for NiFi Registry, edit the security properties according to the cluster configuration.

The following table lists the TLS/SSL security properties for NiFi Registry:


Property	Description
NiFi Registry TLS/SSL Server JKS Keystore File Location `nifi.registry.security.keystore`	The path to the TLS/SSL keystore file containing the server certificate and private key used for TLS/SSL. Used when NiFi Registry is acting as a TLS/SSL server. The keystore must be in JKS format.
NiFi Registry TLS/SSL Server JKS Keystore Type Password `nifi.registry.security.keystoreType`	The type of the NiFi Registry JKS keystore. It must be `PKCS12` or `JKS` or `BCFKS`. JKS is the preferred type, BCFKS and PKCS12 files are loaded with BouncyCastle provider.
NiFi Registry TLS/SSL Server JKS Keystore File Password `nifi.registry.security.keystorePasswd`	The password for the NiFi Registry JKS keystore file.
NiFi Registry TLS/SSL Server JKS Keystore Key Password `nifi.registry.security.keyPasswd`	The password that protects the private key contained in the JKS keystore used when NiFi Registry is acting as a TLS/SSL server.
NiFi Registry TLS/SSL Client Trust Store File `nifi.registry.security.truststore`	The location on disk of the trust store, in JKS format, used to confirm the authenticity of TLS/SSL servers that NiFi Registry might connect to. This is used when NiFi Registry is the client in a TLS/SSL connection. This trust store must contain the certificate(s) used to sign the service(s) connected to. If this parameter is not provided, the default list of well-known certificate authorities is used instead.
NiFi Registry TLS/SSL Client Trust Store Type `nifi.registry.security.truststoreType`	The type of the NiFi Registry TLS/SSL Certificate Trust Store. It must be `PKCS12` or `JKS` or `BCFKS`. JKS is the preferred type, BCFKS and PKCS12 files are loaded with BouncyCastle provider.
NiFi Registry TLS/SSL Client Trust Store Password `nifi.registry.security.truststorePasswd`	The password for the NiFi Registry TLS/SSL Certificate Trust Store File. This password is not required to access the trust store; this field can be left blank. This password provides optional integrity checking of the file. The contents of trust stores are certificates, and certificates are public information.
NiFi Registry TLS/SSL Client Authentication `nifi.registry.security.needClientAuth`	This specifies that connecting clients must authenticate with a client cert. The default value is `true`. Setting the property to `false` will specify that connecting clients may optionally authenticate with a client cert, but may also login with a username and password against a configured identity provider.