Configure MiNiFi agent TLS
You can configure MiNiFi Agent TLS by updating the configuration files.
If you are configuring a MiNiFi Java agent, the configuration file is conf/bootstrap.conf. If you are configuring a MiNiFi C++ agent, the configuration file is conf/minifi.properties.
- Open your MiNiFi Agent configuration file in a text editor.
- Edit the security properties for Java. For example:

      # Security Properties #
      # These properties take precedence over any equivalent properties specified in config.yml file #
      nifi.minifi.security.keystore=
      nifi.minifi.security.keystoreType=
      nifi.minifi.security.keystorePasswd=
      nifi.minifi.security.keyPasswd=
      nifi.minifi.security.truststore=
      nifi.minifi.security.truststoreType=
      nifi.minifi.security.truststorePasswd=
      nifi.minifi.security.ssl.protocol=
      nifi.minifi.sensitive.props.key=
      nifi.minifi.sensitive.props.algorithm=
      nifi.minifi.sensitive.props.provider=
- Edit the security properties for C++. For example:

      # Security Properties #
      # enable tls #
      nifi.remote.input.secure=true
      # if you want to enable client certificate base authorization #
      nifi.security.need.ClientAuth=true
      # setup the client certificate and private key PEM files #
      nifi.security.client.certificate=./conf/client.pem
      nifi.security.client.private.key=./conf/client.pem
      # setup the client private key passphrase file #
      nifi.security.client.pass.phrase=./conf/password
      # setup the client CA certificate file #
      nifi.security.client.ca.certificate=./conf/nifi-cert.pem

      # if you do not want to enable client certificate base authorization #
      nifi.security.need.ClientAuth=false
You have the option of specifying an SSL Context Service definition for the RPGs instead of the preceding properties. This links to a corresponding SSL Context Service defined in the flow.
To do this, specify the SSL Context Service Property in your RPGs and link it to a defined controller service. For example:

    Remote Processing Groups:
    - name: NiFi Flow
      id: 2438e3c8-015a-1000-79ca-83af40ec1998
      url: http://127.0.0.1:8080/nifi
      timeout: 30 secs
      yield period: 5 sec
      Input Ports:
      - id: 2438e3c8-015a-1000-79ca-83af40ec1999
        name: fromnifi
        max concurrent tasks: 1
        Properties:
          SSL Context Service: SSLServiceName
      Output Ports:
      - id: ac82e521-015c-1000-2b21-41279516e19a
        name: tominifi
        max concurrent tasks: 2
        Properties:
          SSL Context Service: SSLServiceName
    Controller Services:
    - name: SSLServiceName
      id: 2438e3c8-015a-1000-79ca-83af40ec1974
      class: SSLContextService
      Properties:
        Client Certificate: <client cert path>
        Private Key: <private key path>
        Passphrase: <passphrase path or passphrase>
        CA Certificate: <CA cert path>
If you do not take this approach, the preceding properties will be used for TCP and secure HTTPS communications.
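
An added example, not part of the original page or the MiNiFi project: a small Python check for a C++ conf/minifi.properties that uses only the property names shown above and catches the case where the example is pasted with both nifi.security.need.ClientAuth lines. The function names, the constructed SAMPLE text and the policy it enforces (conflicting duplicates, TLS off, empty client-auth paths, key or passphrase files readable by group or others) are assumptions of this example.

```python
import os
import stat

CLIENT_AUTH_KEYS = ("nifi.security.client.certificate",
                    "nifi.security.client.private.key",
                    "nifi.security.client.ca.certificate")
SECRET_KEYS = ("nifi.security.client.private.key",
               "nifi.security.client.pass.phrase")
# Constructed sample: the C++ example above pasted with both ClientAuth lines.
SAMPLE = """\
nifi.remote.input.secure=true
nifi.security.need.ClientAuth=true
nifi.security.client.certificate=./conf/client.pem
nifi.security.client.private.key=./conf/client.pem
nifi.security.client.pass.phrase=./conf/password
nifi.security.client.ca.certificate=./conf/nifi-cert.pem
nifi.security.need.ClientAuth=false
"""

def parse_properties(text):
    """Return {key: [values]} so repeated keys stay visible."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props.setdefault(key.strip(), []).append(value.strip())
    return props

def audit(text, base_dir="."):
    """Return findings for a minifi.properties body (policy is this example's own)."""
    props = parse_properties(text)
    findings = [f"{k} has conflicting values {v}"
                for k, v in props.items() if len(set(v)) > 1]
    last = {k: v[-1] for k, v in props.items()}  # assumption: last entry is used
    if last.get("nifi.remote.input.secure", "").lower() != "true":
        findings.append("nifi.remote.input.secure is not true")
    if last.get("nifi.security.need.ClientAuth", "").lower() == "true":
        findings += [f"{k} is empty but client auth is required"
                     for k in CLIENT_AUTH_KEYS if not last.get(k)]
    for key in SECRET_KEYS:
        path = os.path.join(base_dir, last.get(key, ""))
        if last.get(key) and os.path.isfile(path):
            if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
                findings.append(f"{key} file is readable by group or others")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

Pass the agent's install directory as base_dir so the relative ./conf paths resolve to the real certificate, key and passphrase files.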