Renewing certificates for Outbound Connection Endpoints

Learn about certificate renewal for Inbound Connection Endpoints.

For security reasons, the cerificates generated for Inbound Connection Endpoints need to be renewed after a certain period:

  • NiFi Inbound SSL Context Service - 90 days
  • Client SSL Context - 1 year
  • Client CA - 5 years

CDF polls certificate status, and they are automatically renewed 30 days before expiration. At this point you receive a notification on the Alerts tab, asking you to restart the deployment so that the new certificate takes effect.

If it becomes necessary, for example, because a certificate is compromised, you can also renew certificates manually.