If you need to replace an X.509 certificate for an inbound connection endpoint before
it expires, you can do so manually.
You need DFFlowAdmin privilege to
perform this action.
-
On the Dashboard select the Cloudera DataFlow deployment for which you want to renew the
certifiacate.
The Deployment Details pane opens.
-
On the Deployment Details pane click Manage
DataFlow.
-
On the Deployment Manager page from
Deployment Settings pane select NiFi
Configuration.
-
Click Renew Certificates.
- To renew the server certificate, select NiFi Inbound SSL
Context Service.
- To renew the client certificate, select Client SSL
Context.
- If you leave Revoke previously issued client
certificates unchecked, existing client certificates
remain valid and existing clients can continue to connect to your
deployment using it. By selecting the Revoke previously
issued client certificates option, you invalidate all
existing certificates and you will need to add the new certificate to
existing clients so that they can keep connecting to your CDF
deployment.
-
Click Renew & Restart.
The UI switches to the KPIs and Alerts pane where
you can monitor as your deployment restarts and the new certificate or
certificates become available.
- If you have renewed the NiFi Inbound SSL Context
Service:
- You have take no further action.
- If you have renewed the Client SSL Context:
- After your Cloudera Public Cloud deployment has
restarted, you switch to the NiFi Configuration pane
to download the Client Certificate and the
Client Private Key. You can then add these to
your client.
