Connecting applications to an endpoint

Once a dataflow deployment with inbound connection is available, you can go on and connect an external application to start sending data.

A flow deployment with inbound connection is available.
A network connection through which the client can reach the flow deployment endpoint is available.
You have been assigned at least the DFFlowUser role for the environment to which you want to configure the inbound connection.

Select the dataflow deployment where you want to send data and go to Deployment Manager > Deployment Settings.
Select the NiFi Configuration tab.
Make a note of the Endpoint Hostname and port.
Click Download Client Certificate.

The X.509 client certificate downloads to your computer in PEM format.
Click Download Client Private Key to obtain the RSA Private Key.

The unencrypted RSA Private Key encoded with PKCS8 downloads to your computer in PEM format.
Depending on your client, you may have to convert the certificate and the private key to a different format.
For example, to convert PEM to PKCS12 format, use the following command:
```
openssl pkcs12 -export -in [***DOWNLOADED PEM CERT FILE***] -inkey [***DOWNLOADED PEM PRIVATE KEY***] -out certificate.p12
```
To further convert the PKCS12 file to JKS format for a Java client, run the following command:
```
keytool -importkeystore -srckeystore [***CERTIFICATE NAME***].p12 -srcstoretype pkcs12 -destkeystore [***DESTINATION KEYSTORE***].jks
```
Add the certificate file and the private key files to the keystore of your application.
Configure your application to stream data to the Endpoint Hostname, port, and protocol of the CDF DataFlow Deployment.