Configure Trusted Domain SSL in Data Integration Platform

To configure trusted domain SSL in Data Integration, get a PFX file and its password from certificate authority. Follow the below steps

  1. Convert PFX file to Java KeyStore
  2. Export certificate and create TrustStore
  3. Configure SSL
  4. Configure User Management Server

Convert PFX file to Java KeyStore

  1. Make sure JAVA_HOME set and Java bin set in Environmental PATH. You can find Java which is shipped with Data Integration build in the following location


  2. Execute the below java command to find the alias name of PFX file

     keytool -v -list -storetype pkcs12 -keystore <pfx file path>
  3. Use the below java command to convert the PFX file to Java keystore file.

     keytool -importkeystore -srckeystore <pfx file path> -srcstoretype pkcs12 -srcalias <cert name from above result> -destkeystore <new jks file path> -deststoretype jks -deststorepass <new jks p/w> -destkeypass <new jks p/w> -destalias <same as cert name>


     keytool -importkeystore -srckeystore c:\cert\certificate.pfx -srcstoretype pkcs12 -srcalias * -destkeystore c:\cert\keystore.jks -deststoretype jks -deststorepass findit123 -destkeypass findit123 -destalias *
  4. After above step, it will prompt for source KeyStore password.

  5. Once entered password, KeyStore file will get generated.

Export certificate and create TrustStore

  1. Export a certificate from generated keyStore file. Example command provided below

     keytool -export -alias * c:\cert\keystore.jks -rfc -file c:\cert\certificate.cer -storepass findit123
  2. Import the generated certificate to create a TrustStore file

     keytool -import -alias * c:\cert\certificate.cer -keystore c:\cert\truststore.jks -storepass findit123  

Configure SSL

  1. After generating the keystore and truststore file from above steps. Copy KeyStore and TrustStore files into NiFi\conf directory


  2. Modify file to configure KeyStore and TrustStore. Set below properties properly.
  3. Set port number in file for a property nifi.web.https.port to 443 (Default port used by secure https is 443)

  4. Restart Data Integration service. Now you can check Data Integration service running with Domain SSL certificate.

Configure User Management Server

  1. In User Management Server home page, click view Applications.

  2. In application page, click Edit option for the added Data Integration application.

  3. Add the changed URL using Add Url option and click Update.

  4. Now, URL will be added in application details and it will be accessible.