If this is the same question posted to the Slack channel earlier, I’ll reply here as well.
Importing the .p12 file into your browser provides the client certificate identifying you as a user to the site. When you visit google.com, only one end of the connection (Google, the server) presents a certificate, which you the user (your browser) verify and decide to trust. When you visit a NiFi instance which is secured and has no other authentication mechanism configured, the only way to authenticate is to present a client certificate. Andy LoPresto [email protected] [email protected] He/Him PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > On May 19, 2020, at 7:24 PM, Ren Yang <[email protected]> wrote: > > > >> Hi Nifi Team, >> Thanks for reading my email. I have encountered an issue of securing Nifi >> with Digicert issue. Could you please read the following details. >> >> I have got the Digicert related files and generated the keystore.jks and >> truststore.jks. And all other setup steps have finished. However, when I >> come to my nifi site with HTTPS URL, it denied. >> <image001.png> >> >> Next, I double clicked the nifi.p12 which generated by openssl command, >> imported it into Keychain access. >> >> <image002.png> >> >> Then I access my Nifi https url again, the cert confirmation window comes. >> After pressed “OK”, I arrived the Nifi home page. My question is why I need >> to manfully import the .p12 file into browser. Hasn’t it been working like >> any other public websites (such as https://www.google.com >> <https://www.google.com/>) without doing anything on client side? >> >> <image003.png> >> >> >> Please let me know if you have any questions. Awaiting for your reply. Thank >> you! >> >> > > > > > Ren Yang > [email protected] <mailto:[email protected]> > > >
