Integrating with the Windows certificate store
Learn how to enable MiNiFi C++ to get certificates from truststore of the OS.
If you want MiNiFi to communicate with EFM (C2) securely using HTTPS, you need a server certificate that EFM uses to identify itself and a client certificate that MiNiFi uses to identify itself, as well as a private key corresponding to the client certificate.
Manual setup of the client and server certificates on the MiNiFi
side:
nifi.remote.input.secure=true
nifi.security.need.ClientAuth=true
nifi.security.client.certificate=C:\opt\nifi\data\ssl\client-certificate.pem
nifi.security.client.private.key=C:\opt\nifi\data\ssl\client-certificate.key
#nifi.security.client.pass.phrase=
nifi.security.client.ca.certificate=C:\opt\nifi\data\ssl\server-certificate.pem
#nifi.security.use.system.cert.store=
If both client and server certificates are in the LocalMachine (= "Local Computer") system
certificate store (in MY = "Personal" and ROOT = "Trusted Root Certification Authorities",
respectively), then you can simply
do:
nifi.remote.input.secure=true
nifi.security.need.ClientAuth=true
#nifi.security.client.certificate=
#nifi.security.client.private.key=
#nifi.security.client.pass.phrase=
#nifi.security.client.ca.certificate=
nifi.security.use.system.cert.store=true
Ensure that the client certificate is exportable.
If you need to select the client certificate by CN, you can add the following
property:
nifi.security.windows.client.cert.cn=<myCertificateIssuedToName>
If you need to select the client certificate by Extended (= "Enhanced") Key Usage, you can add
the following
property:
nifi.security.windows.client.cert.key.usage=Client Authentication, Server Authentication
You can also use a different system store location or a different system store for the client
and server certificates, if
needed:
# instead of LocalMachine
nifi.security.windows.cert.store.location=CurrentUser
# instead of MY
nifi.security.windows.client.cert.store=TrustedPeople
# instead of ROOT
nifi.security.windows.server.cert.store=TrustedPublisher