NiFi should always accept a cert at the rest api if you provide one. If your using curl just add the “--key” and “--cert” and call whatever api url your trying directly. You’ll need to make sure that the cert your using is signed by the same local CA that NiFi is set to trust and that you’ve added a user in NiFi that matches the common name on the cert or whatever regex you set for “nifi.security.identity.mapping.value.pattern”
Thanks Shawn > On Oct 28, 2022, at 3:55 PM, David Early via users <users@nifi.apache.org> > wrote: > > Hi all, > > We have a 3 node cluster secured with Microsort AD for the first time. > > I need access to the REST api. The nifi-api/access/token does not work in > this case. > > We did use a local CA for certificate generation on the servers. > > I am reading that it is possible to do certificate based auth to the > api....we need this in a script (python) to run on a remote server which is > checking for old flowfiles that can get stuck in a few places. > > Can I use cert based API connection when using AD as the main > authentication/authorization for the ui? > > Anything special that needs to be done? I've just not used certs with the > api before, but we have used cert based site to site on other systems and it > works fine. Just not sure how to do it with nipyapi or just from curl on the > cli. > > David
