You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2020/12/14 18:40:00 UTC

[jira] [Commented] (NIFI-4558) Populate default keystore/truststore types in SSLContextService

    [ https://issues.apache.org/jira/browse/NIFI-4558?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17249209#comment-17249209 ] 

David Handermann commented on NIFI-4558:
----------------------------------------

This feature would be useful, but instead of defaulting to JKS, it seems better to use the KeyStore.getDefaultType() method to match the JVM runtime configuration.  This would result in JKS on Java 8 and PKCS12 on Java 9 and greater.  If that is too confusing, recommend defaulting to PKCS12 as that is the standard for current versions of Java.

> Populate default keystore/truststore types in SSLContextService
> ---------------------------------------------------------------
>
>                 Key: NIFI-4558
>                 URL: https://issues.apache.org/jira/browse/NIFI-4558
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Extensions
>    Affects Versions: 1.4.0
>            Reporter: Andy LoPresto
>            Assignee: Nathan Gough
>            Priority: Trivial
>              Labels: controller_services, jks, keystore, pkcs12, security, ssl, tls, truststore, ux
>
> The keystore and truststore type is almost always JKS as opposed to PKCS12 when creating SSL controller services. Both {{StandardSSLContextService}} and {{StandardRestrictedSSLContextService}} should have those fields autopopulated to JKS, saving 2-4 clicks per instantiation. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)