[
https://issues.apache.org/jira/browse/NIFI-13987?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18053129#comment-18053129
]
ASF subversion and git services commented on NIFI-13987:
--------------------------------------------------------
Commit 19d8ff0bac77e0c06cceada178b4874e62c3d6b3 in nifi's branch
refs/heads/main from Pierre Villard
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=19d8ff0bac ]
NIFI-13987 Add SSL Context Service in GitHubFlowRegistryClient and
GitLabFlowRegistryClient (#10788)
Signed-off-by: David Handermann <[email protected]>
> Use SSL Context Service in GitHubFlowRegistryClient and
> GitLabFlowRegistryClient
> --------------------------------------------------------------------------------
>
> Key: NIFI-13987
> URL: https://issues.apache.org/jira/browse/NIFI-13987
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Extensions
> Affects Versions: 2.0.0
> Reporter: René Zeidler
> Assignee: Pierre Villard
> Priority: Major
> Labels: certificate, client, git, github, gitlab, https,
> registry, ssl
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> The Git Flow Registry Clients currently don't use the SSL Context Service. It
> always uses the default Java truststore for certificate validation, which
> prevents the use of privately hosted GitHub/GitLab instances without a public
> certificate.
> Adding a configurable SSL Context Service would allow using a custom
> truststore, as is the case for most other NiFi components using SSL.
> h2. Workaround
> Custom certificates can be added to the default Java truststore using:
> {code:bash}
> keytool -cacerts -importcert -noprompt -file /path/to/custom/ca.cert{code}
> This will affect all SSL connections not using a custom truststore, including
> those made by the Git registry clients.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
