Renew certificates manually for an Inbound Connection Endpoint
If you need to replace an X.509 certificate for an inbound connection endpoint before it expires, you can do so manually.
On the Dashboard select the DataFlow deployment for
which you want to renew the certifiacate.
The Deployment Details pane opens.
- On the Deployment Details pane click Manage DataFlow.
- On the Deployment Manager page from Deployment Settings pane select NiFi Configuration.
Click Renew Certificates.
- To renew the server certificate, select NiFi Inbound SSL Context Service.
- To renew the client certificate, select Client SSL Context.
- If you leave Revoke previously issued client certificates unchecked, existing client certificates remain valid and existing clients can continue to connect to your deployment using it. By selecting the Revoke previously issued client certificates option, you invalidate all existing certificates and you will need to add the new certificate to existing clients so that they can keep connecting to your CDF deployment.
Click Renew & Restart.
The UI switches to the KPIs and Alerts pane where you can monitor as your deployment restarts and the new certificate or certificates become available.
- If you have renewed the NiFi Inbound SSL Context Service:
- You have take no further action.
- If you have renewed the Client SSL Context:
- After your CDP deployment has restarted, you switch to the NiFi Configuration pane to download the Client Certificate and the Client Private Key. You can then add these to your client.