Agent authentication
Learn about the properties that you need to set to configure TLS for MiNiFi agents.
When TLS is enabled to secure Edge Flow Manager (EFM), agents must be authenticated using client certificates. Client certificates are trusted if the Certificate Authority and any intermediate signing authorities (if applicable) are present in the EFM truststore configured as described in TLS configuration for EFM.
For more information on requirements for MiNiFi agent client certificates and instructions for generating new certificates, see TLS keys and certificates.
Cloudera recommends using a unique client certificate per agent. However, it is not a requirement.
MiNiFi Java
conf/bootstrap.conf
    # Security Properties #
    # These properties take precedence over any equivalent properties specified in config.yml file #
    nifi.minifi.security.keystore=/path/to/keystore.jks
    nifi.minifi.security.keystoreType=JKS
    nifi.minifi.security.keystorePasswd=password
    nifi.minifi.security.keyPasswd=password
    nifi.minifi.security.truststore=/path/to/truststore.jks
    nifi.minifi.security.truststoreType=JKS
    nifi.minifi.security.truststorePasswd=password
    nifi.minifi.security.ssl.protocol=TLSv1.2

    # Properties for encrypting keystore and truststore passwords
    nifi.minifi.sensitive.props.key=passwordOfAtLeast12Characters
    nifi.minifi.sensitive.props.algorithm=PBEWITHMD5AND256BITAES-CBC-OPENSSL
    nifi.minifi.sensitive.props.provider=BC

    # Properties needed only if the agent is communicating with EFM
    nifi.c2.security.truststore.location=
    nifi.c2.security.truststore.password=
    nifi.c2.security.truststore.type=
    nifi.c2.security.keystore.location=
    nifi.c2.security.keystore.password=
    nifi.c2.security.keystore.type=
    nifi.c2.security.need.client.auth=
MiNiFi C++
conf/minifi.properties
    # Security Properties #
    # enable tls #
    nifi.remote.input.secure=true
    # if you want to enable client certificate base authorization #
    nifi.security.need.ClientAuth=true
    # setup the client certificate and private key PEM files #
    nifi.security.client.certificate=./conf/client.pem
    nifi.security.client.private.key=./conf/client.pem
    # setup the client private key passphrase file #
    nifi.security.client.pass.phrase=./conf/password
    # setup the client CA certificate file #
    nifi.security.client.ca.certificate=./conf/nifi-cert.pem
On Windows, MiNiFi C++ can integrate with the Windows certificate store. For instructions on how to do this, see Integrating with the Windows certificate store.
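A pre-deployment check for the two property files above, as an added example that is not part of the Cloudera documentation or the MiNiFi code base. The rule set (placeholder secrets, protocols older than TLSv1.2, empty certificate settings while client authentication is enabled), the function names and the sample input are assumptions made for illustration.

```python
# Added example: lint for the MiNiFi TLS properties above; checks and sample are assumptions.
PLACEHOLDERS = {"password", "changeit", "passwordOfAtLeast12Characters"}
WEAK_PROTOCOLS = {"SSL", "SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Properties that must be non-empty once client authentication is switched on.
REQUIRED_IF = {
    "nifi.c2.security.need.client.auth": (   # MiNiFi Java
        "nifi.c2.security.keystore.location", "nifi.c2.security.keystore.password",
        "nifi.c2.security.truststore.location"),
    "nifi.security.need.ClientAuth": (       # MiNiFi C++
        "nifi.security.client.certificate", "nifi.security.client.private.key",
        "nifi.security.client.ca.certificate"),
}

def parse_properties(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def lint(text):
    """Return a sorted list of (property, problem) findings."""
    props, findings = parse_properties(text), []
    for key, value in props.items():
        if key.lower().endswith(("passwd", "password", "props.key")) and value in PLACEHOLDERS:
            findings.append((key, "placeholder secret left in place"))
        if key.endswith("ssl.protocol") and value in WEAK_PROTOCOLS:
            findings.append((key, "protocol older than TLSv1.2"))
    for switch, needed in REQUIRED_IF.items():
        if props.get(switch, "").lower() == "true":
            findings += [(k, "empty while %s=true" % switch) for k in needed if not props.get(k)]
    return sorted(findings)

# Constructed sample input, not taken from a real agent.
SAMPLE = """\
nifi.minifi.security.keystorePasswd=password
nifi.minifi.security.ssl.protocol=TLSv1.1
nifi.c2.security.keystore.location=
nifi.c2.security.keystore.password=s3cr3t-constructed
nifi.c2.security.truststore.location=/path/to/truststore.jks
nifi.c2.security.need.client.auth=true
"""

if __name__ == "__main__":
    print("\n".join("%s: %s" % f for f in lint(SAMPLE)))
```

Run it against conf/bootstrap.conf or conf/minifi.properties by passing the file contents to lint(); an empty list means none of these three checks fired.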