You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Andy LoPresto (JIRA)" <ji...@apache.org> on 2016/07/21 22:37:20 UTC
[jira] [Updated] (NIFI-1995) Support keystores with multiple
certificates by exposing alias selection in configuration
[ https://issues.apache.org/jira/browse/NIFI-1995?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andy LoPresto updated NIFI-1995:
--------------------------------
Fix Version/s: (was: 1.0.0)
> Support keystores with multiple certificates by exposing alias selection in configuration
> -----------------------------------------------------------------------------------------
>
> Key: NIFI-1995
> URL: https://issues.apache.org/jira/browse/NIFI-1995
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework
> Affects Versions: 0.6.1
> Reporter: Andy LoPresto
> Assignee: Andy LoPresto
> Labels: certificate, keystore, security
>
> Some users and organizations would like to provide different certificates for identification of the same NiFi instance when acting in different roles (for example, one certificate to identify the server for the API / UI interaction, and another to identify the server in cluster communications and/or site-to-site communications). A preliminary list of roles is:
> * API / UI host
> * remote authorization / authentication repositories (communicating with Ranger, LDAP, KDC, etc.)
> * cluster (node/NCM/Zookeeper)
> * site-to-site
> * client when connecting to remote services during data flow ({{InvokeHTTP}}, {{PutSQL}}, etc.)
> This should be implemented in a manner that does not break the default operation (i.e. a keystore with a single certificate value) but allows easy overriding for one or more of the roles listed above.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)