Using External Certificates
You can use an external CA or external self-signed certificates by updating some of the configuration values in Cloudera Manager.
- In the NiFi Toolkit CA Service field, deselect the Toolkit CA Service by setting the radio button to None.
- In the Enable TLS/SSL field, enable TLS by clicking the NiFi Node Default Group box.
Update keystore and truststore information for provided certificates.
Review Auto-generate Node Identities settings to ensure prefix and suffix match
those in certificates.
For auto-generate to work successfully externally created certificates should identify, within the common name, the fully qualified hostname for each agent running a nifi node e.g. CN=hostname.local, OU=NIFI.