Currently all keystores & truststores used for NiFi core services (site-to-site, API, UI, etc.) require a restart to be reloaded. As Matt mentioned, there is an opportunity for improvement via a watcher mechanism, but I do not expect this before NiFi 2.0. Please file a feature Jira if you have specific requests.
Andy LoPresto
[email protected]
[email protected]
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69

> On Jun 13, 2019, at 5:25 PM, Craig Knell <[email protected]> wrote:
>
> I'm also interested in certificates for S2S and restarting NiFi.
> Something like certificate rotation service would be great. See
> https://kubeedge.io/en/blog/secure-kubeedge/ for an
> SPIFFE/SPIRE implementation.
>
> Best regards
>
> Craig Knell
>
> On 14 Jun 2019, at 05:51, Matt Burgess <[email protected]> wrote:
>
>> Jim,
>>
>> I believe that depends on how the controller service was implemented,
>> but in a cursory glance it looks like it often happens when the
>> service is enabled, which would mean a restart. Might be worth a look
>> at a "watcher" that could notify services of changes...
>>
>> Regards,
>> Matt
>>
>> On Thu, Jun 13, 2019 at 5:23 PM James McMahon <[email protected]> wrote:
>>>
>>> Hello. If I add a new self-signed cert to my keystore and truststore, do I
>>> need to restart the NiFi service? Or will the controller services
>>> automatically pick up the additions the next time they check the stores?
>>> Thank you.
