exceptionfactory commented on PR #9603: URL: https://github.com/apache/nifi/pull/9603#issuecomment-2564406226
These changes can be tested at runtime using a standard Java runtime with a custom Java security properties configuration. 1. Create `java.security.properties` in the NiFi `conf` directory 2. Add the following line to `java.security.properties`: ``` security.provider.3=SunJCE ``` 3. Add the following line to `bootstrap.conf` in the NiFi `conf` directory: ``` java.arg.securityProperties=-Djava.security.properties=./conf/java.security.properties ``` 4. Start NiFi and view the `nifi-user.log` for the selected Key Pair Algorithm, which should be `RSA` ``` Configured Key Pair Algorithm [RSA] for JSON Web Signatures ``` This configuration replaces the default security provider in the third position with `SunJCE`. The default security provider in the third position is `SunEC`, which implements the `Ed25519` algorithm. With the `SunEC` provider removed from the configuration, the Key Pair Generator Configuration will fall back to `RSA` instead of the default `Ed25519` algorithm. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
