> However, where/how do I install the certificates I'll be given for use?
The JDK keytool can be used to create the JKS artifacts you need. On Tue, Jul 5, 2022 at 11:33 PM Russell Bateman <r...@windofkeltia.com> wrote: > > I appreciate the responses. I will try out the canonical > /StandardSSLContextService/ first (since that's what I am using with > Kafka), then imitate the other sample depending. > > However, where/how do I install the certificates I'll be given for use? > I would expect something for certain representing the third-party > service in a truststore and maybe another (a private key) in a keystore. > > > On 7/5/22 16:30, Russell Bateman wrote: > > From a custom processor, I intend to interface with a third-party > > service (via simple HTTP client), however, I would need as I > > understand it to > > > > a) maintain a private key by which I can identify myself to that > > third-party service and > > b) maintain a trusted-store certificate by which I can guarantee > > the identity of the service. > > > > This is pretty far outside my own experience. I have been reading on > > how this is achieved in Java, but in my mind a complication arises > > from the fact that a custom NiFi processor lives within NiFi's JVM. My > > question is therefore, how can I control the certificates and > > authorities for my use in or associated with NiFi's JVM. Clearly, I > > don't grok this well enough even to ask the question; I'm hoping > > someone can see through what I'm asking and point me in a good > > direction to study. > > > > I've written a pile of successful and useful custom NiFi processors to > > cover proprietary needs, so custom-processor writing isn't a mystery. > > Certificates, keys, trusts and security in general still is. > > > > Profuse thanks, > > > > Russ
