[NIFI-1477] Import trusted CA certificates into NiFi local truststore - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 0.5.0
Fix Version/s: None
Component/s: Core Framework
Labels:
- certificate
- security
- tls
- truststore

Description

A common complaint new users have is that they try to configure a GetHTTP or InvokeHTTP processor to communicate with an external site using TLS and it fails due to certificate validation exceptions. By automatically importing the contents of $JAVA_HOME/jre/lib/security/cacerts into the NiFi local truststore, we could eliminate this obstacle. However, this may not be expected behavior for users who wish to configure a custom truststore to be more discriminating on TLS connections.

Investigate this issue and discuss on mailing list.

Attachments

Issue Links

Is contained by

NIFI-5458 Improve NiFi TLS and certificate management

Open

relates to

NIFI-1444 PostHTTP cannot work with public HTTPS sites

Open

NIFI-1479 Catch PKIX CertPathValidatorException and provide better error messaging

Resolved

Activity

People

Assignee:

Andy LoPresto

Reporter:

Andy LoPresto

Votes:

0 Vote for this issue

Watchers:

4 Start watching this issue

Dates

Created:

04/Feb/16 02:39

Updated:

25/Jul/18 22:38

Time Tracking

Estimated:

336h

Remaining:

336h

Logged:

Not Specified