[ https://issues.apache.org/jira/browse/NIFI-7333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17375351#comment-17375351 ]

Rene Weidlinger commented on NIFI-7333:
---------------------------------------

This is also causing problems with NiFi in Docker! We need to import the 
certificate to trust into the Java cacerts, but every time the container is 
destroyed the import is lost, and we need to re-import before NiFi starts.

This problem seems to have a more negative impact with dockerized NiFi.

> OIDC provider should use NiFi keystore & truststore
> ---------------------------------------------------
>
>                 Key: NIFI-7333
>                 URL: https://issues.apache.org/jira/browse/NIFI-7333
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework, Security
>    Affects Versions: 1.11.4
>            Reporter: Andy LoPresto
>            Assignee: M Tien
>            Priority: Major
>              Labels: keystore, oidc, security, tls
>
> The OIDC provider uses generic HTTPS requests to the OIDC IdP, but does not 
> configure these requests to use the NiFi keystore or truststore. Rather, it 
> uses the default JVM keystore and truststore, which leads to difficulty 
> debugging PKIX and other TLS negotiation errors. It should be switched to use 
> the NiFi keystore and truststore as other NiFi framework services do. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
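
An added example, not NiFi's own code and not the fix for this issue: a standalone Java check that makes an HTTPS request to the IdP while trusting only the truststore named in `nifi.properties`, instead of the JVM default `cacerts`. The class name and command-line arguments are hypothetical; it assumes plaintext `nifi.security.truststore*` values and covers only the truststore side (no client keystore is presented).

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URI;
import java.security.KeyStore;
import java.util.Properties;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class, not part of NiFi.
public class ExplicitTruststoreClient {

    // Build an SSLContext that trusts only the store configured in nifi.properties.
    static SSLContext fromNiFiProperties(String propsPath) throws Exception {
        Properties props = new Properties();
        try (InputStream in = new FileInputStream(propsPath)) {
            props.load(in);
        }
        String path = props.getProperty("nifi.security.truststore");
        String type = props.getProperty("nifi.security.truststoreType", "JKS");
        String pass = props.getProperty("nifi.security.truststorePasswd", "");
        if (path == null || path.isEmpty()) {
            throw new IllegalStateException("nifi.security.truststore is not set");
        }
        KeyStore trustStore = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            trustStore.load(in, pass.toCharArray());
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no key managers: server trust only
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: ExplicitTruststoreClient <nifi.properties> <https-url-on-idp>");
            System.exit(2);
        }
        SSLContext ctx = fromNiFiProperties(args[0]);
        HttpsURLConnection conn =
                (HttpsURLConnection) URI.create(args[1]).toURL().openConnection();
        // Per-connection socket factory: the JVM-wide default (cacerts) stays untouched.
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        conn.setConnectTimeout(5000);
        conn.setReadTimeout(5000);
        System.out.println("HTTP " + conn.getResponseCode() + " with truststore from " + args[0]);
        conn.disconnect();
    }
}
```

If this request succeeds while the same URL fails with a PKIX error under the default JVM settings, the IdP's CA is present in the NiFi truststore but missing from `cacerts`.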
