Hello, I apologize if this is a simple/stupid question, but reading through the administration guide and copious amounts of googling have returned very little regarding this.
I'm looking into utilizing only client certificates for authentication to our Apache NiFi server. I want to avoid having to add another software package (e.g. LDAP, Kerberos, etc.) to the server. After spending the last few days working on this and getting an understanding of how to get new users created, I'm running into an issue: a user's client certificate has to be added to the truststore on the server in order for it to be allowed to access the NiFi web server, and NiFi doesn't seem to recognize changes to the truststore while it's running. While I don't expect to need to add a ton of new users, I am imagining a scenario where my program managers need a new user added immediately while one of our lead developers is in the process of doing something in the web app that he can't lose due to a service restart. Is there a way to make NiFi recognize changes to the truststore without requiring the service to be restarted? If not, is there a way to have NiFi trust all certs from a certain CA? They still wouldn't actually be able to access anything without having a user account tied to their cert's DN... Thanks! r/ Joseph Wheeler