[NIFI-1477] Import trusted CA certificates into NiFi local truststore - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Won't Fix
Affects Version/s: 0.5.0
Fix Version/s: None
Component/s: Core Framework
Labels:
- certificate
- security
- tls
- truststore

Description

A common complaint new users have is that they try to configure a GetHTTP or InvokeHTTP processor to communicate with an external site using TLS and it fails due to certificate validation exceptions. By automatically importing the contents of $JAVA_HOME/jre/lib/security/cacerts into the NiFi local truststore, we could eliminate this obstacle. However, this may not be expected behavior for users who wish to configure a custom truststore to be more discriminating on TLS connections.

Investigate this issue and discuss on mailing list.

Attachments

Issue Links

Is contained by

NIFI-5458 Improve NiFi TLS and certificate management

Resolved

relates to

NIFI-1444 PostHTTP cannot work with public HTTPS sites

Resolved

NIFI-1479 Catch PKIX CertPathValidatorException and provide better error messaging

Resolved

Activity

People

Assignee:: Andy LoPresto

Reporter:: Andy LoPresto

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 04/Feb/16 02:39

Updated:: 23/Feb/22 15:46

Resolved:: 23/Feb/22 15:46

Time Tracking

Estimated:

336h

Remaining:

336h

Logged:

Not Specified