You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Chris Sampson (Jira)" <ji...@apache.org> on 2021/06/11 11:12:00 UTC
[jira] [Created] (NIFI-8683) SSLContextService should allow
Expression Language to be used for TRUSTSTORE and KEYSTORE
Chris Sampson created NIFI-8683:
-----------------------------------
Summary: SSLContextService should allow Expression Language to be used for TRUSTSTORE and KEYSTORE
Key: NIFI-8683
URL: https://issues.apache.org/jira/browse/NIFI-8683
Project: Apache NiFi
Issue Type: Improvement
Affects Versions: 1.13.2
Reporter: Chris Sampson
It would be handy (in clustered environments) for the {{SSLContextService}} to allow Expression Language to be used for specifying the TRUSTSTORE and KEYSTORE properties.
This would allow users to use an expression like
{quote}
"/opt/nifi/nifi-current/conf/certs/${hostname(false)}.jks"
{quote}
to reference files that are unique to each host within the cluster (e.g. if using TLS protected communications for Site-To-Site Reporting from a cluster). Each file would still need to use the same password, but at least each host could have its own uniquely named certificate file (instead of having to create the same file on each host, which can lead to users incorrectly creating wildcard certificates for their clusters, which is discouraged).
--
This message was sent by Atlassian Jira
(v8.3.4#803005)