[
https://issues.apache.org/jira/browse/NIFI-1995?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andy LoPresto updated NIFI-1995:
--------------------------------
Fix Version/s: (was: 1.0.0)
> Support keystores with multiple certificates by exposing alias selection in
> configuration
> -----------------------------------------------------------------------------------------
>
> Key: NIFI-1995
> URL: https://issues.apache.org/jira/browse/NIFI-1995
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework
> Affects Versions: 0.6.1
> Reporter: Andy LoPresto
> Assignee: Andy LoPresto
> Labels: certificate, keystore, security
>
> Some users and organizations would like to provide different certificates for
> identification of the same NiFi instance when acting in different roles (for
> example, one certificate to identify the server for the API / UI interaction,
> and another to identify the server in cluster communications and/or
> site-to-site communications). A preliminary list of roles is:
> * API / UI host
> * remote authorization / authentication repositories (communicating with
> Ranger, LDAP, KDC, etc.)
> * cluster (node/NCM/Zookeeper)
> * site-to-site
> * client when connecting to remote services during data flow ({{InvokeHTTP}},
> {{PutSQL}}, etc.)
> This should be implemented in a manner that does not break the default
> operation (i.e. a keystore with a single certificate value) but allows easy
> overriding for one or more of the roles listed above.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
