NiFi TLS Properties

To enable and configure TLS manually for NiFi, edit the security properties according to the cluster configuration.

The following table lists the Security properties for NiFi:


Property	Description
NiFi Node TLS/SSL Server JKS Keystore File Location `nifi.security.keystore`	The path to the TLS/SSL keystore file containing the server certificate and private key used for TLS/SSL. Used when NiFi Node is acting as a TLS/SSL server. The keystore must be in JKS format.
NiFi Node TLS/SSL Server JKS Keystore File Password `nifi.security.keystorePasswd`	The password for the NiFi Node JKS keystore file.
NiFi Node TLS/SSL Server JKS Keystore Key Password `nifi.security.keyPasswd`	The password that protects the private key contained in the JKS keystore used when NiFi Node is acting as a TLS/SSL server.
NiFi Node TLS/SSL Client Trust Store File `nifi.security.truststore`	The location on disk of the trust store, in .jks format, used to confirm the authenticity of TLS/SSL servers that NiFi Node might connect to. This is used when NiFi Node is the client in a TLS/SSL connection. This trust store must contain the certificate(s) used to sign the service(s) connected to. If this parameter is not provided, the default list of well-known certificate authorities is used instead.
NiFi Node TLS/SSL Client Trust Store Password `nifi.security.truststorePasswd`	The password for the NiFi Node TLS/SSL Certificate Trust Store File. This password is not required to access the trust store; this field can be left blank. This password provides optional integrity checking of the file. The contents of trust stores are certificates, and certificates are public information.
`xasecure.policymgr.clientssl.keystore`	Path to keystore to use in policy manager.
`xasecure.policymgr.clientssl.keystore.credential.file`	Path to keystore credential file to use in policy manager.
`xasecure.policymgr.clientssl.truststore`	Path to truststore to use in policy manager.
`xasecure.policymgr.clientssl.truststore.credential.file`	Path to truststore credential file to use in policy manager.
Login Identity Provider: Default LDAP TLS - Keystore `xml.loginIdentityProviders.provider.ldap-provider.property.TLS - Keystore`	Default LDAP TLS - Keystore
Login Identity Provider: Default LDAP TLS - Keystore Password `xml.loginIdentityProviders.provider.ldap-provider.property.TLS - Keystore Password`	Default LDAP TLS - Keystore Password
Login Identity Provider: Default LDAP TLS - Keystore Type `xml.loginIdentityProviders.provider.ldap-provider.property.TLS - Keystore Type`	Default LDAP TLS - Keystore Type
Login Identity Provider: Default LDAP TLS - Truststore `xml.loginIdentityProviders.provider.ldap-provider.property.TLS - Truststore`	Default LDAP TLS - Truststore
Login Identity Provider: Default LDAP TLS - Truststore Password `xml.loginIdentityProviders.provider.ldap-provider.property.TLS - Truststore Password`	Default LDAP TLS - Truststore Password
Login Identity Provider: Default LDAP TLS - Truststore Type `xml.loginIdentityProviders.provider.ldap-provider.property.TLS - Truststore Type`	Default LDAP TLS - Truststore Type