You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2021/06/21 19:41:00 UTC

[jira] [Commented] (NIFI-8683) SSLContextService should allow Expression Language to be used for TRUSTSTORE and KEYSTORE

    [ https://issues.apache.org/jira/browse/NIFI-8683?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17366808#comment-17366808 ] 

ASF subversion and git services commented on NIFI-8683:
-------------------------------------------------------

Commit 02b4e33aa6cbcba4e3dea706aa9b20e8b501b06f in nifi's branch refs/heads/main from Chris Sampson
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=02b4e33 ]

NIFI-8683 support Expression Language for the Truststore/Keystore properties of SSLContextService

This closes #5147

Signed-off-by: David Handermann <ex...@apache.org>


> SSLContextService should allow Expression Language to be used for TRUSTSTORE and KEYSTORE
> -----------------------------------------------------------------------------------------
>
>                 Key: NIFI-8683
>                 URL: https://issues.apache.org/jira/browse/NIFI-8683
>             Project: Apache NiFi
>          Issue Type: Improvement
>    Affects Versions: 1.13.2
>            Reporter: Chris Sampson
>            Assignee: Chris Sampson
>            Priority: Minor
>          Time Spent: 2h 40m
>  Remaining Estimate: 0h
>
> It would be handy (in clustered environments) for the {{SSLContextService}} to allow Expression Language to be used for specifying the TRUSTSTORE and KEYSTORE properties.
> This would allow users to use an expression like
> {quote}
> "/opt/nifi/nifi-current/conf/certs/${hostname(false)}.jks"
> {quote}
> to reference files that are unique to each host within the cluster (e.g. if using TLS protected communications for Site-To-Site Reporting from a cluster). Each file would still need to use the same password, but at least each host could have its own uniquely named certificate file (instead of having to create the same file on each host, which can lead to users incorrectly creating wildcard certificates for their clusters, which is discouraged).



--
This message was sent by Atlassian Jira
(v8.3.4#803005)