NiFi Registry TLS/SSL properties

To enable and configure TLS manually for NiFi Registry, edit the security properties according to the cluster configuration.

The following table lists the TLS/SSL security properties for NiFi Registry:

Property Description
NiFi Registry TLS/SSL Server JKS Keystore File Location

nifi.registry.security.keystore

The path to the TLS/SSL keystore file containing the server certificate and private key used for TLS/SSL. Used when NiFi Registry is acting as a TLS/SSL server. The keystore must be in JKS format.
NiFi Registry TLS/SSL Server JKS Keystore Type Password

nifi.registry.security.keystoreType

The type of the NiFi Registry JKS keystore. It must be PKCS12, JKS, or BCFKS. JKS is the preferred type; BCFKS and PKCS12 files are loaded with the BouncyCastle provider.
NiFi Registry TLS/SSL Server JKS Keystore File Password

nifi.registry.security.keystorePasswd

The password for the NiFi Registry JKS keystore file.
NiFi Registry TLS/SSL Server JKS Keystore Key Password

nifi.registry.security.keyPasswd

The password that protects the private key contained in the JKS keystore used when NiFi Registry is acting as a TLS/SSL server.
NiFi Registry TLS/SSL Client Trust Store File

nifi.registry.security.truststore

The location on disk of the trust store, in JKS format, used to confirm the authenticity of TLS/SSL servers that NiFi Registry might connect to. This is used when NiFi Registry is the client in a TLS/SSL connection. This trust store must contain the certificate(s) used to sign the service(s) connected to. If this parameter is not provided, the default list of well-known certificate authorities is used instead.
NiFi Registry TLS/SSL Client Trust Store Type

nifi.registry.security.truststoreType

The type of the NiFi Registry TLS/SSL Certificate Trust Store. It must be PKCS12, JKS, or BCFKS. JKS is the preferred type; BCFKS and PKCS12 files are loaded with the BouncyCastle provider.
NiFi Registry TLS/SSL Client Trust Store Password

nifi.registry.security.truststorePasswd

The password for the NiFi Registry TLS/SSL Certificate Trust Store File. This password is not required to access the trust store; this field can be left blank. This password provides optional integrity checking of the file. The contents of trust stores are certificates, and certificates are public information.
NiFi Registry TLS/SSL Client Authentication

nifi.registry.security.needClientAuth

Specifies that connecting clients must authenticate with a client certificate. The default value is true. Setting the property to false means that connecting clients may optionally authenticate with a client certificate, but may also log in with a username and password against a configured identity provider.
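
As an added example (not part of the original documentation), the following Python script lints a set of these properties against the rules stated in the table. The function names, severity levels, and the sample input with its paths and passwords are constructed for illustration.

```python
ALLOWED_TYPES = {"PKCS12", "JKS", "BCFKS"}
PREFIX = "nifi.registry.security."

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def lint_tls(props):
    """Return a list of (severity, message) findings for the TLS/SSL settings."""
    def get(name):
        return props.get(PREFIX + name, "")
    findings = []
    if not get("keystore"):
        findings.append(("error", "keystore is not set: no server certificate for TLS"))
    for name in ("keystorePasswd", "keyPasswd"):
        if get("keystore") and not get(name):
            findings.append(("warn", f"{name} is empty"))
    for name in ("keystoreType", "truststoreType"):
        if get(name[:-4]) and get(name).upper() not in ALLOWED_TYPES:
            findings.append(("error", f"{name} must be PKCS12, JKS or BCFKS"))
    if not get("truststore"):
        findings.append(("warn", "truststore is not set: default well-known CAs are used"))
    # The table gives true as the default for needClientAuth.
    if (get("needClientAuth") or "true").lower() == "false":
        findings.append(("warn", "needClientAuth=false: client certificates are "
                                 "optional; username/password login is accepted"))
    return findings

# Constructed sample input; paths and passwords are placeholders.
SAMPLE = """\
nifi.registry.security.keystore=/opt/certs/registry-keystore.jks
nifi.registry.security.keystoreType=jceks
nifi.registry.security.keystorePasswd=changeit
nifi.registry.security.keyPasswd=
nifi.registry.security.truststore=
nifi.registry.security.needClientAuth=false
"""

if __name__ == "__main__":
    for severity, message in lint_tls(parse_properties(SAMPLE)):
        print(f"{severity.upper():5} {message}")
```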