[
https://issues.apache.org/jira/browse/NIFI-13987?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Handermann updated NIFI-13987:
------------------------------------
Fix Version/s: 2.8.0
Resolution: Fixed
Status: Resolved (was: Patch Available)
> Use SSL Context Service in GitHubFlowRegistryClient and
> GitLabFlowRegistryClient
> --------------------------------------------------------------------------------
>
> Key: NIFI-13987
> URL: https://issues.apache.org/jira/browse/NIFI-13987
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Extensions
> Affects Versions: 2.0.0
> Reporter: René Zeidler
> Assignee: Pierre Villard
> Priority: Major
> Labels: certificate, client, git, github, gitlab, https,
> registry, ssl
> Fix For: 2.8.0
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> The Git Flow Registry Clients currently don't use the SSL Context Service. It
> always uses the default Java truststore for certificate validation, which
> prevents the use of privately hosted GitHub/GitLab instances without a public
> certificate.
> Adding a configurable SSL Context Service would allow using a custom
> truststore, as is the case for most other NiFi components using SSL.
> h2. Workaround
> Custom certificates can be added to the default Java truststore using:
> {code:bash}
> keytool -cacerts -importcert -noprompt -file /path/to/custom/ca.cert{code}
> This will affect all SSL connections not using a custom truststore, including
> those made by the Git registry clients.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
