Andy LoPresto created NIFI-1995:
-----------------------------------
Summary: Support keystores with multiple certificates by exposing
alias selection in configuration
Key: NIFI-1995
URL: https://issues.apache.org/jira/browse/NIFI-1995
Project: Apache NiFi
Issue Type: Improvement
Components: Core Framework
Affects Versions: 0.6.1
Reporter: Andy LoPresto
Assignee: Andy LoPresto
Fix For: 1.0.0
Some users and organizations would like to provide different certificates for
identification of the same NiFi instance when acting in different roles (for
example, one certificate to identify the server for the API / UI interaction,
and another to identify the server in cluster communications and/or
site-to-site communications). A preliminary list of roles is:
* API / UI host
* remote authorization / authentication repositories (communicating with
Ranger, LDAP, KDC, etc.)
* cluster (node/NCM/Zookeeper)
* site-to-site
* client when connecting to remote services during data flow ({{InvokeHTTP}},
{{PutSQL}}, etc.)
This should be implemented in a manner that does not break the default
operation (i.e. a keystore with a single certificate value) but allows easy
overriding for one or more of the roles listed above.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
