Integrating with the Windows certificate store

Learn how to enable MiNiFi C++ to get certificates from the truststore of the OS.

If you want MiNiFi to communicate with EFM (C2) securely using HTTPS, you need a server certificate that EFM uses to identify itself and a client certificate that MiNiFi uses to identify itself, as well as a private key corresponding to the client certificate.

Manual setup of the client and server certificates on the MiNiFi side:

\opt\nifi\data\ssl\client-certificate.pem
\opt\nifi\data\ssl\client-certificate.key
\opt\nifi\data\ssl\server-certificate.pem

If both client and server certificates are in the LocalMachine (= "Local Computer") system certificate store (in MY = "Personal" and ROOT = "Trusted Root Certification Authorities", respectively), then you can simply do:

Ensure that the client certificate is exportable.

If you need to select the client certificate by CN, you can add the following property: <myCertificateIssuedToName>
If you need to select the client certificate by Extended (= "Enhanced") Key Usage, you can add the following property: Authentication, Server Authentication
You can also use a different system store location or a different system store for the client and server certificates, if needed:
# instead of LocalMachine

# instead of MY

# instead of ROOT
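
A pre-flight check for the setup described above, as an added example that is not part of the original documentation: it finds the client certificate by CN in the chosen store, reports whether its private key is present and exportable and whether its Enhanced Key Usage is acceptable, and confirms that the server certificate is in the server store. The parameter names, the `<serverCertificateName>` placeholder and the Client Authentication OID default are assumptions of this example.

```powershell
# Added example, not the vendor's code. Run from an elevated prompt so the
# private key of a LocalMachine certificate can be opened.
param(
    [string]$StoreLocation = 'LocalMachine',
    [string]$ClientStore   = 'My',
    [string]$ServerStore   = 'Root',
    [string]$ClientCN      = '<myCertificateIssuedToName>',  # placeholder from the page
    [string]$ServerCN      = '<serverCertificateName>',      # hypothetical placeholder
    [string]$EkuOid        = '1.3.6.1.5.5.7.3.2'             # Client Authentication (assumed requirement)
)
$simpleName = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
$now = Get-Date

function Test-KeyExportable($Cert) {
    # CNG keys carry an export policy; legacy CSP keys carry a boolean flag.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
    if ($rsa -is [System.Security.Cryptography.RSACng]) {
        return $rsa.Key.ExportPolicy.HasFlag([System.Security.Cryptography.CngExportPolicies]::AllowExport)
    }
    if ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
        return $rsa.CspKeyContainerInfo.Exportable
    }
    return $null  # non-RSA key: inspect it manually
}

# Client side: every certificate whose "Issued To" name matches the CN.
$clients = @(Get-ChildItem "Cert:\$StoreLocation\$ClientStore" |
    Where-Object { $_.GetNameInfo($simpleName, $false) -eq $ClientCN })
if ($clients.Count -eq 0) {
    Write-Warning "No certificate issued to '$ClientCN' in $StoreLocation\$ClientStore"
}
foreach ($c in $clients) {
    $ekus = @($c.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
    [pscustomobject]@{
        Thumbprint     = $c.Thumbprint
        CurrentlyValid = ($c.NotBefore -le $now -and $c.NotAfter -ge $now)
        HasPrivateKey  = $c.HasPrivateKey
        Exportable     = if ($c.HasPrivateKey) { Test-KeyExportable $c } else { $false }
        # A certificate without an EKU extension is valid for all purposes.
        EkuAcceptable  = ($ekus.Count -eq 0) -or ($ekus -contains $EkuOid)
    }
}

# Server side: the certificate EFM presents must be found in the server store.
$servers = @(Get-ChildItem "Cert:\$StoreLocation\$ServerStore" |
    Where-Object { $_.GetNameInfo($simpleName, $false) -eq $ServerCN })
if ($servers.Count -eq 0) {
    Write-Warning "No certificate named '$ServerCN' in $StoreLocation\$ServerStore"
}
```

More than one row in the output means the CN alone does not identify a single client certificate, which is the case where narrowing the selection by Enhanced Key Usage helps.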