[
https://issues.apache.org/jira/browse/NIFI-1477?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Handermann resolved NIFI-1477.
------------------------------------
Resolution: Won't Fix
As outlined in the description, changing the default contents of the NiFi trust
store could result in unexpected behavior, expanding the list of trusted
authorities beyond the explicit configuration. A different approach might
involve an implementation of SSLContextService that uses system default trust
store, which could be addressed in a separate issue.
> Import trusted CA certificates into NiFi local truststore
> ---------------------------------------------------------
>
> Key: NIFI-1477
> URL: https://issues.apache.org/jira/browse/NIFI-1477
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework
> Affects Versions: 0.5.0
> Reporter: Andy LoPresto
> Assignee: Andy LoPresto
> Priority: Major
> Labels: certificate, security, tls, truststore
> Original Estimate: 336h
> Remaining Estimate: 336h
>
> A common complaint new users have is that they try to configure a {{GetHTTP}}
> or {{InvokeHTTP}} processor to communicate with an external site using TLS
> and it fails due to certificate validation exceptions. By automatically
> importing the contents of {{$JAVA_HOME/jre/lib/security/cacerts}} into the
> NiFi local truststore, we could eliminate this obstacle. However, this may
> not be expected behavior for users who wish to configure a custom truststore
> to be more discriminating on TLS connections.
> Investigate this issue and discuss on mailing list.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
