[ https://issues.apache.org/jira/browse/NIFI-11536?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tan Luu updated NIFI-11536: --------------------------- Affects Version/s: 1.20.0 1.19.0 1.18.0 > nifi.security.autoreload.enabled is broken since v1.17.0 > -------------------------------------------------------- > > Key: NIFI-11536 > URL: https://issues.apache.org/jira/browse/NIFI-11536 > Project: Apache NiFi > Issue Type: Bug > Components: Security > Affects Versions: 1.17.0, 1.18.0, 1.19.0, 1.20.0 > Environment: standalone > Reporter: Tan Luu > Priority: Major > Labels: critical > > NiFi standalone with nifi.security.autoreload.enabled=true does not reload > TLS keystore after upgrade from 1.16.3 to 1.17.0 onward. > Steps to reproduce: > 1/ Generate truststore and 2 keystores for nifi standalone using nifi > toolkit. Two keystores should be generated at least 5 minutes apart from each > other since we use the certificate start time to verify if the new cert is > loaded later > e.g. > bin/tls-toolkit.sh standalone -n nifi.tmanet.com \ > --subjectAlternativeNames nifi.tmanet.com -P > TErbdTQutLvFVd3kunMcCL5/OG1K+t2l/Q1vSiJbJp8 \ > -S JaTxUVN+HK8+LyPCs9ruJXCiYq/zr1bYUxJBjEGnjpw > 2/ Configure nifi standalone with generated truststore and one of the > keystore then start nifi (ensure nifi.security.autoreload.enabled=true in > your nifi.properties) > 3/ Check the certificate start date return when calling nifi url e.g. > nifi.tmanet.com:9443 > curl -kv https://nifi.tmanet.com:9443 2>&1 | /bin/grep start > 4/ Replace keystore.jks by another keystore generated above and wait for > nifi.security.autoreload.interval (default 10s) and recheck the nifi > certificate by > curl -kv https://nifi.tmanet.com:9443 2>&1 | /bin/grep start -- This message was sent by Atlassian Jira (v8.20.10#820010)