nifi-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (NIFI-3331) TLS Toolkit - add the possibility to define a SAN in issued certificates
Date Tue, 14 Feb 2017 20:42:41 GMT

    [ https://issues.apache.org/jira/browse/NIFI-3331?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15866624#comment-15866624
] 

ASF GitHub Bot commented on NIFI-3331:
--------------------------------------

Github user alopresto commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/1491#discussion_r101138034
  
    --- Diff: nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/client/TlsCertificateAuthorityClientCommandLine.java
---
    @@ -110,13 +113,18 @@ protected String getDnHostname() {
         protected CommandLine doParse(String[] args) throws CommandLineParseException {
             CommandLine commandLine = super.doParse(args);
             certificateDirectory = commandLine.getOptionValue(CERTIFICATE_DIRECTORY, DEFAULT_CERTIFICATE_DIRECTORY);
    +        domaineAlternativeName = commandLine.getOptionValue(SUBJECT_ALTERNATIVE_NAME);
             return commandLine;
         }
     
         public String getCertificateDirectory() {
             return certificateDirectory;
         }
     
    +    public String getDomaineAlternativeName() {
    --- End diff --
    
    Same comment about typo. 


> TLS Toolkit - add the possibility to define a SAN in issued certificates
> ------------------------------------------------------------------------
>
>                 Key: NIFI-3331
>                 URL: https://issues.apache.org/jira/browse/NIFI-3331
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Tools and Build
>            Reporter: Pierre Villard
>            Assignee: Pierre Villard
>              Labels: tls-toolkit
>             Fix For: 1.2.0
>
>
> To ease the deployment of a load balancer in front of NiFi, it would be nice to allow
users to define a SAN in certificates issued by the CA.
> To load balance the access to the UI or even with a ListenHTTP processor, both will cause
errors with a "Host mismatch" kind of error because of different fqdn between nodes certificate
and LB certificate. This is also discussed here: http://stackoverflow.com/questions/40035356/nifi-load-balancer



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message