On Wed, Oct 14, 2020 at 3:59 PM Nathan Gough <[email protected]> wrote:
>
> Is there a reason each ListenHTTP has a unique SSLContextService if they're
> all using the same certificates?
>
> If it were me, I'd use a single shared SSLContextService, and when I needed
> to update the certificate in the keystore/truststore, I would change it on
> disk by renaming the old file and putting the new file in place with the
> original name. Now NiFi and the context service refer to the updated
> certificates and no NiFi configuration changed. Does this work for you?

Possibly. It's likely the SSLContext documentation wasn't clear when I read it and I didn't realize I could do this. And yes, I came to the same conclusion about symlinking the keystores on the local filesystem, which should also work. Ideally, these parameters would be managed via some XML file that I could have Puppet control, so when the certs change, Puppet can push out the changes and update everything. Yes, I can do this with a symlink, but it's not my preferred method to declare the resources and changes.
