TLS/SSL Configuration

To enable user authentication on NiFi, you must first configure Transport Layer Security (TLS).

TLS is an industry-standard set of cryptographic protocols for securing communications over a network.

When you configure authentication and authorization for your flow management cluster, CFM sends sensitive information, such as Kerberos keytabs and configuration files that contain passwords, over the network to cluster hosts. TLS encryption keeps these transfers secure.

Configuring TLS involves creating a private key and a public key for use by server and client processes to negotiate an encrypted connection at runtime. In addition, TLS can use certificates to verify the trustworthiness of keys presented during the negotiation to prevent spoofing and mitigate other potential security issues.

In CFM, you can configure TLS in one of the following ways: