NiFi Registry TLS Properties
To enable and configure TLS manually for NiFi Registry, edit the security properties according to the cluster configuration.
The following table lists the Security properties for NiFi Registry:
Property | Description |
---|---|
NiFi Registry TLS/SSL Server JKS Keystore File
Location
|
The path to the TLS/SSL keystore file containing the server certificate and private key used for TLS/SSL. Used when NiFi Registry is acting as a TLS/SSL server. The keystore must be in JKS format. |
NiFi Registry TLS/SSL Server JKS Keystore File
Password
|
The password for the NiFi Registry JKS keystore file. |
NiFi Registry TLS/SSL Server JKS Keystore Key
Password
|
The password that protects the private key contained in the JKS keystore used when NiFi Registry is acting as a TLS/SSL server. |
NiFi Registry TLS/SSL Client Trust Store
File
|
The location on disk of the trust store, in .jks format, used to confirm the authenticity of TLS/SSL servers that NiFi Registry might connect to. This is used when NiFi Registry is the client in a TLS/SSL connection. This trust store must contain the certificate(s) used to sign the service(s) connected to. If this parameter is not provided, the default list of well-known certificate authorities is used instead. |
NiFi Registry TLS/SSL Client Trust Store
Password
|
The password for the NiFi Registry TLS/SSL Certificate Trust Store File. This password is not required to access the trust store; this field can be left blank. This password provides optional integrity checking of the file. The contents of trust stores are certificates, and certificates are public information. |
xasecure.policymgr.clientssl.keystore |
Path to keystore to use in policy manager. |
xasecure.policymgr.clientssl.keystore.credential.file |
Path to keystore credential file to use in policy manager. |
xasecure.policymgr.clientssl.truststore |
Path to truststore to use in policy manager. |
xasecure.policymgr.clientssl.truststore.credential.file |
Path to truststore credential file to use in policy manager. |