I appreciate the responses. I will try out the canonical
/StandardSSLContextService/ first (since that's what I am using with
Kafka), then imitate the other sample depending.
However, where/how do I install the certificates I'll be given for use?
I would expect something for certain representing the third-party
service in a truststore and maybe another (a private key) in a keystore.
On 7/5/22 16:30, Russell Bateman wrote:
From a custom processor, I intend to interface with a third-party
service (via simple HTTP client), however, I would need as I
understand it to
a) maintain a private key by which I can identify myself to that
third-party service and
b) maintain a trusted-store certificate by which I can guarantee
the identity of the service.
This is pretty far outside my own experience. I have been reading on
how this is achieved in Java, but in my mind a complication arises
from the fact that a custom NiFi processor lives within NiFi's JVM. My
question is therefore, how can I control the certificates and
authorities for my use in or associated with NiFi's JVM. Clearly, I
don't grok this well enough even to ask the question; I'm hoping
someone can see through what I'm asking and point me in a good
direction to study.
I've written a pile of successful and useful custom NiFi processors to
cover proprietary needs, so custom-processor writing isn't a mystery.
Certificates, keys, trusts and security in general still is.
Profuse thanks,
Russ