Return-Path: <commits-return-26937-archive-asf-public=cust-asf.ponee.io@nifi.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id B5BFD200AE4
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Fri, 10 Jun 2016 02:43:22 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id B456F160A5D; Fri, 10 Jun 2016 00:43:22 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 2F977160A58
	for <archive-asf-public@cust-asf.ponee.io>; Fri, 10 Jun 2016 02:43:22 +0200 (CEST)
Received: (qmail 36734 invoked by uid 500); 10 Jun 2016 00:43:21 -0000
Mailing-List: contact commits-help@nifi.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@nifi.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@nifi.apache.org>
List-Post: <mailto:commits@nifi.apache.org>
List-Id: <commits.nifi.apache.org>
Reply-To: dev@nifi.apache.org
Delivered-To: mailing list commits@nifi.apache.org
Received: (qmail 36705 invoked by uid 99); 10 Jun 2016 00:43:21 -0000
Received: from arcas.apache.org (HELO arcas) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 10 Jun 2016 00:43:21 +0000
Received: from arcas.apache.org (localhost [127.0.0.1])
	by arcas (Postfix) with ESMTP id 383F02C1F6C
	for <commits@nifi.apache.org>; Fri, 10 Jun 2016 00:43:21 +0000 (UTC)
Date: Fri, 10 Jun 2016 00:43:21 +0000 (UTC)
From: "Andy LoPresto (JIRA)" <jira@apache.org>
To: commits@nifi.apache.org
Message-ID: <JIRA.12977450.1465519388000.47567.1465519401227@Atlassian.JIRA>
In-Reply-To: <JIRA.12977450.1465519388000@Atlassian.JIRA>
References: <JIRA.12977450.1465519388000@Atlassian.JIRA> <JIRA.12977450.1465519388328@arcas>
Subject: [jira] [Created] (NIFI-1995) Support keystores with multiple
 certificates by exposing alias selection in configuration
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394
archived-at: Fri, 10 Jun 2016 00:43:22 -0000

Andy LoPresto created NIFI-1995:
-----------------------------------

             Summary: Support keystores with multiple certificates by exposing alias selection in configuration
                 Key: NIFI-1995
                 URL: https://issues.apache.org/jira/browse/NIFI-1995
             Project: Apache NiFi
          Issue Type: Improvement
          Components: Core Framework
    Affects Versions: 0.6.1
            Reporter: Andy LoPresto
            Assignee: Andy LoPresto
             Fix For: 1.0.0


Some users and organizations would like to provide different certificates for identification of the same NiFi instance when acting in different roles (for example, one certificate to identify the server for the API / UI interaction, and another to identify the server in cluster communications and/or site-to-site communications). A preliminary list of roles is:

* API / UI host
* remote authorization / authentication repositories (communicating with Ranger, LDAP, KDC, etc.)
* cluster (node/NCM/Zookeeper)
* site-to-site
* client when connecting to remote services during data flow ({{InvokeHTTP}}, {{PutSQL}}, etc.)

This should be implemented in a manner that does not break the default operation (i.e. a keystore with a single certificate value) but allows easy overriding for one or more of the roles listed above. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)