You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "Chris Sampson (Jira)" <ji...@apache.org> on 2021/06/11 11:12:00 UTC

[jira] [Created] (NIFI-8683) SSLContextService should allow Expression Language to be used for TRUSTSTORE and KEYSTORE

Chris Sampson created NIFI-8683:
-----------------------------------

             Summary: SSLContextService should allow Expression Language to be used for TRUSTSTORE and KEYSTORE
                 Key: NIFI-8683
                 URL: https://issues.apache.org/jira/browse/NIFI-8683
             Project: Apache NiFi
          Issue Type: Improvement
    Affects Versions: 1.13.2
            Reporter: Chris Sampson


It would be handy (in clustered environments) for the {{SSLContextService}} to allow Expression Language to be used for specifying the TRUSTSTORE and KEYSTORE properties.

This would allow users to use an expression like
{quote}
"/opt/nifi/nifi-current/conf/certs/${hostname(false)}.jks"
{quote}
to reference files that are unique to each host within the cluster (e.g. if using TLS protected communications for Site-To-Site Reporting from a cluster). Each file would still need to use the same password, but at least each host could have its own uniquely named certificate file (instead of having to create the same file on each host, which can lead to users incorrectly creating wildcard certificates for their clusters, which is discouraged).



--
This message was sent by Atlassian Jira
(v8.3.4#803005)