Hi,

We have been working on securing our nifi/minifi setup, and we have been marginally successful, but there are a few things I can't seem to figure out. For our setup we have:

CA: created in openssl, intermediate issuer created as well; chain cert created
NIFI Cert: issued by the intermediate
User Cert: issued by the intermediate (CN=admin)

NIFI
=======
Keystore: nifi_server.key.pem
Truststore: ca-chain.cert.pem, admin.cert.pem, nifi_server.cert.pem

With this setup, secure cert based browser connection to NIFI works like a champ using the "admin" identity. I can create an S2S connection to my own NIFI, and I notice it uses the 'nifi_server' identity to authenticate.

MINIFI
========
Keystore: nifi_server.key.pem
Truststore: ca-chain.cert.pem, admin.cert.pem, nifi_server.cert.pem

With this setup, MINIFI will connect securely to NIFI, again using the 'nifi_server' identity. This is not really desirable, since I would want MINIFI to connect using the "admin" identity (or in real life, one specific to that instance of MINIFI).

Any ideas how to accomplish this? Am I doing something wrong? I'm kind of new to the Java keystore stuff.

Thanks

--
"Try to never run out of smokes, ammo, and luck all at the same time. But remember, if you have ammo, you can always get more smokes, and make your own luck."
G.K. Shirpa
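
An added example, not part of the original post: in mutual TLS a client authenticates as the certificate whose public key pairs with the private key in its keystore, while truststore entries only decide whom it trusts. The script below checks which identity a given private key will present. It works on PEM files rather than a Java keystore, and the CA, the `minifi-01` name and all file paths are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: CA name, CNs and paths are made up for this example.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Throwaway self-signed CA (stands in for the CA/intermediate in the post).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
    -keyout "$WORK/ca.key.pem" -out "$WORK/ca.cert.pem" 2>/dev/null
}

# Issue a key pair and CA-signed certificate for common name $1.
issue_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key.pem" -out "$WORK/$1.csr.pem" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr.pem" -days 1 \
    -CA "$WORK/ca.cert.pem" -CAkey "$WORK/ca.key.pem" -CAcreateserial \
    -out "$WORK/$1.cert.pem" 2>/dev/null
}

# Hash of the public key, taken from a private key or from a certificate.
pub_of_key()  { openssl pkey -in "$1" -pubout 2>/dev/null | openssl sha256; }
pub_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null | openssl sha256; }

# Print the subject of the candidate certificate that matches private key $1.
# Remaining arguments are certificate files; returns 1 if none matches.
presented_identity() {
  key=$1; shift
  want=$(pub_of_key "$key")
  for cert in "$@"; do
    if [ "$(pub_of_cert "$cert")" = "$want" ]; then
      openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//'
      return 0
    fi
  done
  return 1
}

make_ca
issue_cert nifi_server
issue_cert minifi-01   # hypothetical per-instance identity
for k in nifi_server minifi-01; do
  printf '%s.key.pem presents: ' "$k"
  presented_identity "$WORK/$k.key.pem" "$WORK"/*.cert.pem
done
```

A key with no matching certificate among the candidates makes `presented_identity` return non-zero, which is the case where a certificate sits in a store without its private key.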
