[
https://issues.apache.org/jira/browse/RANGER-2636?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16968484#comment-16968484
]
Velmurugan Periasamy commented on RANGER-2636:
----------------------------------------------
Patch looks good [~bbende]. Could you please create review board request too?
Thanks.
Couple of things to note. You have probably already considered this.
-- this new config (nifi.ssl.use.default.context) will be only applicable for
new installs. Until Nifi/Nifi registry service def is updated to include this
config, this won't work in existing installs
-- default for this config is false. so it is expected the users to provide the
other configs by default.
> Allow NiFi Client to use default SSLContext
> -------------------------------------------
>
> Key: RANGER-2636
> URL: https://issues.apache.org/jira/browse/RANGER-2636
> Project: Ranger
> Issue Type: Improvement
> Components: plugins
> Affects Versions: 2.0.0
> Reporter: Bryan Bende
> Assignee: Bryan Bende
> Priority: Major
> Fix For: 2.1.0
>
> Attachments:
> 0001-RANGER-2636-Modifying-NiFi-and-NiFi-Registry-service.patch
>
>
> Currently when defining a new NiFi service, if the url is https, then the
> user is required to supply the configuration for the keystore/truststore to
> use for creating an SSLContext to talk back to NiFi.
> In cases where the ranger's truststore already trusts the certificates used
> by NiFi, there should be a way to just use ranger's SSLContext and not have
> to provide any information.
> This is similar to the solution for RANGER-2567 for communicating with an SSL
> enabled Solr.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
