IdolSSLConfigServiceImpl
Provides a way to configure SSL/TLS settings for NiFi Ingest processors. Some NiFi Ingest processors have a property named "SSL Config Service", which you can set to an instance of this service.
Properties
Name | Default Value | Description |
---|---|---|
Authority certificates | | The path to the certificate file of a trusted authority, or the path to a directory containing multiple CA certificates. The component communicates with a peer only if the peer provides a certificate signed by one of the CAs. You can specify the path to a file that contains multiple CA certificates in PEM format. The file can contain certificates identified by sequences like the following example: `-----BEGIN CERTIFICATE-----`. Instead of specifying a file path, you can enter the content of the file directly as the value of the parameter. If you specify a directory path, each file must contain one CA certificate. The files are looked up by the CA subject name hash value. For more information, refer to the OpenSSL documentation. |
Certificate | | The path to the certificate file, or the content of the file, for the component to use to identify itself to a peer. You can specify a single certificate in ASN1 or PEM format, or a chain certificate in PEM format. A chain certificate consists of the end-entity certificate, any intermediate certificates, and ends with the root CA certificate. If you set this parameter, you must also set "Private key". |
Check certificate | True | Specifies whether to require a valid certificate, signed by a trusted authority, from connected peers. If you set this parameter to false, communications are encrypted but the identity of the peer is not verified. |
Check common name | True | Specifies whether the host name listed in the peer's certificate (the CommonName or "CN" attribute) must resolve to the same IP address as the peer itself, as determined by the network connection. |
Cipher suite | | You can use this parameter to set an explicit list of ciphers to allow, or to disallow specific ciphers. The parameter uses the OpenSSL cipher string format. For details of this format, see the documentation for OpenSSL or Apache mod_ssl. |
Method | Negotiate | Specifies which version of the SSL protocol to use. The default value, "negotiate", uses the highest version supported by both client and server. |
Private key | | The path to the private key file, or the content of the private key file. It can be in ASN1 or PEM format. |
Private key password | | The password for the private key. |
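
The directory form of "Authority certificates" fails quietly when a file holds more than one certificate or is not reachable under a hash name, so it is worth checking the layout before pointing the service at it. The following is an added example, not part of the product or its documentation. It assumes OpenSSL's hashed-directory naming (`<8 hex digits>.<n>`) and checks structure only: it does not compute the subject hash or validate any certificate, and the function names are hypothetical.

```python
import re
import tempfile
from pathlib import Path

# One complete PEM certificate block (the base64 body is not decoded here).
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----[A-Za-z0-9+/=\s]+?-----END CERTIFICATE-----")
# Name OpenSSL looks for in a CA directory: 8 hex digits of the subject
# name hash, a dot, and a collision counter, for example "1a2b3c4d.0".
HASHED_NAME = re.compile(r"[0-9a-f]{8}\.\d+")


def count_pem_certs(text):
    """Count complete PEM certificate blocks in text."""
    return len(PEM_CERT.findall(text))


def audit_ca_directory(directory):
    """Return findings for a directory used as 'Authority certificates'."""
    findings = []
    files = sorted(p for p in Path(directory).iterdir() if p.is_file())
    hashed = [p for p in files if HASHED_NAME.fullmatch(p.name)]
    if not hashed:
        findings.append("no hash-named files: no CA here can be looked up")
    for p in hashed:
        n = count_pem_certs(p.read_text(errors="replace"))
        if n != 1:
            findings.append(f"{p.name}: {n} certificates, expected exactly 1")
    # A plain file is only used if a hash-named entry resolves to it.
    reachable = {p.resolve() for p in hashed}
    for p in files:
        if p not in hashed and p.resolve() not in reachable:
            findings.append(f"{p.name}: no hash-named file points to it")
    return findings


if __name__ == "__main__":
    # Constructed sample: placeholder base64 body and a made-up hash name,
    # not a real certificate or its real subject hash.
    block = ("-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n"
             "-----END CERTIFICATE-----\n")
    with tempfile.TemporaryDirectory() as d:
        Path(d, "ca1.pem").write_text(block)
        Path(d, "1a2b3c4d.0").symlink_to(Path(d, "ca1.pem"))
        Path(d, "bundle.pem").write_text(block * 2)
        for finding in audit_ca_directory(d):
            print(finding)
```

A multi-certificate bundle such as `bundle.pem` belongs in the file form of the property (a single path or inline content), not inside the directory.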