IdolSSLConfigServiceImpl

Provides a way to configure SSL/TLS settings for NiFi Ingest processors. Some NiFi Ingest processors have a property named "SSL Config Service", which you can set to an instance of this service.

Properties

Name Default Value Description
Authority certificates  

The path to the certificate file of a trusted authority, or the path to a directory containing multiple CA certificates. The component communicates with a peer only if the peer provides a certificate signed by one of the CAs.

You can specify the path to a file that contains multiple CA certificates in PEM format. The file can contain certificates identified by sequences like the following example:

-----BEGIN CERTIFICATE-----
(CA certificate in base64 encoding)
-----END CERTIFICATE-----

Instead of specifying a file path, you can enter the content of the file directly as the value of the parameter.

If you specify a directory path, each file must contain one CA certificate. The files are looked up by the CA subject name hash value. For more information, refer to the OpenSSL documentation.

Certificate   The path to the certificate file, or the content of the file, for the component to use to identify itself to a peer. You can specify a single certificate in ASN1 or PEM format, or a chain certificate in PEM format. A chain certificate consists of the end-entity certificate, followed by any intermediate certificates, and ends with the root CA certificate. If you set this parameter, you must also set "Private key".
Check certificate True Specifies whether to require a valid certificate, signed by a trusted authority, from connected peers. If you set this parameter to false, communications are encrypted but the identity of the peer is not verified.
Check common name True Specifies whether the host name listed in the peer's certificate (the CommonName or "CN" attribute) must resolve to the same IP address as the peer itself, as determined by the network connection.
Cipher suite   You can use this parameter to set an explicit list of ciphers to allow, or to disallow specific ciphers. The parameter uses the OpenSSL cipher string format. For details of this format, see the documentation for OpenSSL or Apache mod_ssl.
Method Negotiate Specifies which version of the SSL protocol to use. The default value, "negotiate", uses the highest version supported by both client and server.
Private key   The path to the private key file, or the content of the private key file. It can be in ASN1 or PEM format.
Private key password   The password for the private key.
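
The following added example (not part of the product or its documentation) reviews a set of these property values before they are applied, flagging disabled peer verification, a certificate without a private key, damaged inline PEM content, and cipher strings that enable weak suites. The function names `audit` and `inline_ca_findings`, the dictionary representation, the rule that a value without a PEM marker is a file path, and the choice of weak keywords are assumptions made for illustration.

```python
import base64
import re

# Well-formed PEM block: exactly the five-dash markers.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)
# Any BEGIN marker regardless of dash count, to catch damaged blocks.
ANY_BEGIN = re.compile(r"-+BEGIN CERTIFICATE-+")
# OpenSSL cipher-string keywords for unauthenticated, unencrypted or weak suites.
WEAK_KEYWORDS = {"aNULL", "eNULL", "NULL", "EXPORT", "LOW"}


def inline_ca_findings(value):
    """Check PEM content entered directly as "Authority certificates"."""
    findings = []
    blocks = PEM_BLOCK.findall(value)
    if len(ANY_BEGIN.findall(value)) != len(blocks):
        findings.append("Authority certificates: malformed PEM marker")
    for i, body in enumerate(blocks, 1):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            der = b""
        if not der.startswith(b"\x30"):  # DER certificate starts with SEQUENCE
            findings.append(f"Authority certificates: block {i} is not DER")
    return findings


def audit(props):
    """Return findings for a dict keyed by the property names on this page."""
    findings = []
    if str(props.get("Check certificate", "True")).lower() == "false":
        findings.append("Check certificate: peer identity is not verified")
    if props.get("Certificate") and not props.get("Private key"):
        findings.append("Certificate: set without Private key")
    ca = props.get("Authority certificates", "")
    if "BEGIN" in ca:  # assumption: a value without a marker is a file path
        findings += inline_ca_findings(ca)
    for token in re.split(r"[:, ]+", props.get("Cipher suite", "")):
        if token in WEAK_KEYWORDS:  # "!" and "-" prefixed forms remove suites
            findings.append(f"Cipher suite: enables {token}")
    return findings


# Constructed sample: a stand-in DER payload, not a real CA certificate.
B64 = base64.b64encode(b"\x30\x03\x02\x01\x01").decode()
SAMPLE = {"Check certificate": "false", "Certificate": "/constructed/server.pem",
          "Authority certificates":
              f"----BEGIN CERTIFICATE----\n{B64}\n----END CERTIFICATE----",
          "Cipher suite": "HIGH:eNULL:!MD5"}
```

Calling `audit(SAMPLE)` returns one finding for each of the four problems in the constructed input; an empty list means none of these checks fired.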