nifi-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andy LoPresto (JIRA)" <j...@apache.org>
Subject [jira] [Created] (NIFI-1995) Support keystores with multiple certificates by exposing alias selection in configuration
Date Fri, 10 Jun 2016 00:43:21 GMT
Andy LoPresto created NIFI-1995:
-----------------------------------

             Summary: Support keystores with multiple certificates by exposing alias selection
in configuration
                 Key: NIFI-1995
                 URL: https://issues.apache.org/jira/browse/NIFI-1995
             Project: Apache NiFi
          Issue Type: Improvement
          Components: Core Framework
    Affects Versions: 0.6.1
            Reporter: Andy LoPresto
            Assignee: Andy LoPresto
             Fix For: 1.0.0


Some users and organizations would like to provide different certificates for identification
of the same NiFi instance when acting in different roles (for example, one certificate to
identify the server for the API / UI interaction, and another to identify the server in cluster
communications and/or site-to-site communications). A preliminary list of roles is:

* API / UI host
* remote authorization / authentication repositories (communicating with Ranger, LDAP, KDC,
etc.)
* cluster (node/NCM/Zookeeper)
* site-to-site
* client when connecting to remote services during data flow ({{InvokeHTTP}}, {{PutSQL}},
etc.)

This should be implemented in a manner that does not break the default operation (i.e. a keystore
with a single certificate value) but allows easy overriding for one or more of the roles listed
above. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message