Hello Simon, The instructions you might find online for creating a certificate for NiFi will be the same for 1.x as for 2.x. Nothing has changed there.
If you are using a cert to authenticate to NiFi (whether the cert is for a person or a server), then the NiFi username is the full certificate "Subject" (which includes CN and O and OU and more). Be careful of the formatting of that string, because NiFi accepts RFC-1779 format. Take a look at Jira tickets NIFI-12272 and NIFI-2517 for more background. Suggestions on creating certificates for NiFi have been made on the DEV email list in the past, and include: - a user shared their script: https://gist.github.com/hawko2600/922b727634784614465b83e52ec2be52 - tinycert.org - letsencrypt.org Hope this helps. -- Mike On Wed, Dec 18, 2024 at 11:27 AM Simon Miller <simon_mil...@next.co.uk.invalid> wrote: > hello, I'm using 2.0.0.-M4 (both nifi and registry) and I'm struggling to > get the TLS to work. All the links I can find refer to using the DN from a > cert and the tls-toolkit.sh but the modern nifi-toolkit contains no such > script, only cli.sh > > I therefore see no way to generate the temporary certificate needs to > secure TLS access and to set up AD - if my browser cert's CN is > simon_mil...@next.co.uk, do I need to add the O and OU to my initial admin > identity in authorizers.xml ? From what I read the field there needs to > contain the exact DN returned by the certificate but I cannot seem to get > it to work . > Is there a confirmed exactly right way of getting this to work > with 2.0.0.-M4? There are a lot of videos around for older versions > > thanks > > > > Simon Miller > > Java Technical Specialist > > Cloud Operations, Next Technology > > Email: simon_mil...@next.co.uk > > Tel: 07902 108337 > > -- > > > > > > DISCLAIMER > > This email is confidential and subject to important > disclaimers and conditions > in relation to monitoring, viruses, > confidentiality and legal privilege full > details of which can be viewed on > our Email Policy at the following link: http://www.next.co.uk/privacy/ > <http://www.next.co.uk/Policy/> > > > > Next Holdings Ltd registered in England > 35161. Registered Office Desford Road Enderby Leicester LE19 4AT. Next > Retail Ltd is authorised and regulated by the Financial Conduct Authority > for Consumer Credit. >
