Original details are here.
When running the NiFi toolkit ../bin/tls-toolkit.sh server, how do I get the server to include an additional public certificate of authority in the truststore.jks file?
I was looking through the nifi-toolkit-tls code,
For the start sequences of the
I would like to recommend an additional option in the client (or server mode)
--additionalTrust=[keystore alias],[keystore alias],[keystore alias]
What this would do is when a client calls the tls-toolkit.sh server, the server would extract these alias stored in the nifi-ca-keystore.jks, and add to the returned truststore.jks file.
--additionalTrust: nifi-cli, digicert, myca
There seems to be a feature in
Which might be a similar feature.
This would allow an enterprise that installs MITM proxies, to include additional certificates into the trust chain.