[ https://issues.apache.org/jira/browse/NIFI-7786?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17189375#comment-17189375 ]
Andy LoPresto commented on NIFI-7786:
-------------------------------------

The comment on NIFI-6019 says that if the remote endpoint has an "invalid certificate", you need to be able to bypass it. Can you elaborate on why the certificate is invalid? If it is not signed by a trusted certificate authority, it can be imported into the local truststore explicitly. If the certificate identifies the wrong service hostname, is expired, or is revoked, it is a good idea to reach out to the responsible team, inform them of the issues, and ask for a resolution.

As Joe mentioned, there is a difficult balance between providing security and flexibility to users. Providing bypasses (e.g. {{curl -k}}) tends to become quickly abused and misunderstood, and opens a number of visible/invisible vulnerabilities that not all users are aware of. Because of the broad audience for NiFi, there is rarely a single "correct" solution. An admin override setting explicitly acknowledging the unsafe decision might be the best path forward, but we actually have not received much pushback since this decision was enacted (we received a number of issues before on the mailing lists).

If this is a blocker for you, you might want to also investigate workarounds like {{ExecuteProcess}} using {{curl -k}} or forking the project/building & deploying a custom processor using the previous version.

> Bring back Trusted Hostname property from InvokeHTTP processor
> --------------------------------------------------------------
>
> Key: NIFI-7786
> URL: https://issues.apache.org/jira/browse/NIFI-7786
> Project: Apache NiFi
> Issue Type: Bug
> Reporter: Kun Deng
> Priority: Major
>
> Removing this option is a mistake. Just google how many people need this
> option for various reasons.
> It is an option so that by using it, people are willing to take the risks.
>
> Please bring back this option.

--
This message was sent by Atlassian Jira (v8.3.4#803005)