René Zeidler created NIFI-13987:
-----------------------------------
Summary: Use SSL Context Service in GitHubFlowRegistryClient and
GitLabFlowRegistryClient
Key: NIFI-13987
URL: https://issues.apache.org/jira/browse/NIFI-13987
Project: Apache NiFi
Issue Type: Improvement
Components: Extensions
Affects Versions: 2.0.0, 1.28.0
Reporter: René Zeidler
The Git Flow Registry Clients currently don't use the SSL Context Service. It
always uses the default Java truststore for certificate validation, which
prevents the use of privately hosted GitHub/GitLab instances without a public
certificate.
Adding a configurable SSL Context Service would allow using a custom
truststore, as is the case for most other NiFi components using SSL.
h2. Workaround
Custom certificates can be added to the default Java truststore using:
{code:bash}
keytool -cacerts -importcert -noprompt -file /path/to/custom/ca.cert{code}
This will affect all SSL connections not using a custom truststore, including
those made by the Git registry clients.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
