I think the word “trusted” is doing a lot of work here. As it stands, only
certificates that are either explicitly present or signed by a certificate
present in the corresponding truststore will be accepted. If the certificate is
self-signed, all that means is that an external entity (a certificate authority
or CA) did not evaluate the identity & ownership of the certificate and sign
it. So any certificate (self-signed or not) is still required to be “trusted”
by the truststore for the connection to work.

If you mean you want it to accept “any certificate signed by a generally
accepted CA,” you can rely on a generic truststore. Your OS, browser(s), and
even Java come with these truststores pre-populated with the public
certificates of the commercial and government CAs (what allows your computer to
connect to and verify a generic internet site out of the box). The Java Virtual
Machine (JVM) from the JRE or JDK will contain a JKS truststore called
“cacerts” with the default password “changeit”. The location will vary slightly
depending on the version of Java you’re using, but look inside your Java home
directory for “jre/lib/security/cacerts”.

Also, is there a reason you’re using web sockets between two NiFi instances?
The NiFi Site-to-site protocol [1] offers a number of advantages.

[1] https://medium.com/@abdelkrim.hadjidj/hub-and-spoke-architectures-with-nifi-site-to-site-communications-at-any-level-a-nifi-1-10-a8702f77c66e

Andy LoPresto
alopre...@apache.org
alopresto.apa...@gmail.com
He/Him
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69

> On Sep 10, 2020, at 12:32 AM, Madhan Vishwas wrote:
>
> Hi All,
> I am using WebSocket for communication between two independently running
> instances of NiFi.
> SSLContextService is being used for Secure Communication (WSS).
> Everything works fine and is tested with Self signed certificates.
> However, I would like to make sure that the communication works only with
> trusted Certificates. Is there some way this can be ensured?
> Please advise.
> Thanks in advance.
> Madhan.
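
An added example, not part of the original messages or of NiFi's code: a small Java program that asks whether a peer's certificate chain would be accepted by a given truststore, following the rule described in the reply above (present in the store, or signed by something in it). The class name, the PEM chain file argument, the JKS store type and the `ECDHE_RSA` auth type are assumptions for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical helper: java TruststoreCheck <truststore.jks> <password> <peer-chain.pem>
public class TruststoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: TruststoreCheck <truststore> <password> <chain.pem>");
            System.exit(2);
        }
        // Load the truststore (JKS assumed, like the JVM's cacerts).
        KeyStore ts = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ts.load(in, args[1].toCharArray());
        }
        // Read the peer's chain from a PEM file, leaf certificate first.
        X509Certificate[] chain;
        try (InputStream in = new FileInputStream(args[2])) {
            chain = CertificateFactory.getInstance("X.509")
                    .generateCertificates(in).toArray(new X509Certificate[0]);
        }
        if (chain.length == 0) throw new IllegalArgumentException("no certificates in " + args[2]);
        X509Certificate leaf = chain[0];
        // Name comparison only: subject == issuer means no external CA issued it.
        boolean selfIssued = leaf.getSubjectX500Principal().equals(leaf.getIssuerX500Principal());
        System.out.println("subject     : " + leaf.getSubjectX500Principal());
        System.out.println("self-issued : " + selfIssued);
        System.out.println("in store as : " + ts.getCertificateAlias(leaf)); // null = not present
        // Ask the trust manager JSSE builds from this store for the verdict.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            try {
                ((X509TrustManager) tm).checkServerTrusted(chain, "ECDHE_RSA"); // assumed key exchange
                System.out.println("verdict     : TRUSTED by this truststore");
            } catch (CertificateException e) {
                System.out.println("verdict     : REJECTED (" + e.getMessage() + ")");
            }
        }
    }
}
```

Run against a truststore that holds only the peers' own certificates, a CA-signed certificate from an unrelated peer is rejected; run against the JVM's “cacerts”, a self-signed certificate is rejected unless it has been imported there.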