Joe, If a server connects through the REST API it should be subject to the same checks as a regular user. Can you provide more details regarding the requests that aren't being checked correctly?
Additionally, there was some discussion whether we need the additional checks in the first place as we may be able to leverage checks built into Java [1]. Matt [1] https://issues.apache.org/jira/browse/NIFI-1364 On Mon, Dec 19, 2016 at 10:57 AM, Joe Skora <[email protected]> wrote: > This could very soon be a show stopper for us. > > Does anyone have any thoughts that might help us get this straight? > > On Wed, Dec 14, 2016 at 2:23 PM, Joe Skora <[email protected]> wrote: > > > Running Apache NiFi 0.7.1, we see clients rejected due to OCSP revocation > > of their certificates but we think we are seeing instances where servers > > using OCSP revoked certificates are still able to connect to a cluster. > > > > Should OCSP revocation cause these servers to be rejected by the cluster? > > > > Could this be a configuration problem even though the revoked clients > > certificates are rejected? > > > > Thanks, > > Joe > > >
