[ https://issues.apache.org/jira/browse/NIFI-3331?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15866620#comment-15866620 ] ASF GitHub Bot commented on NIFI-3331: -------------------------------------- Github user alopresto commented on a diff in the pull request: https://github.com/apache/nifi/pull/1491#discussion_r101137884 --- Diff: nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/client/TlsCertificateAuthorityClientCommandLine.java --- @@ -41,12 +41,14 @@ public class TlsCertificateAuthorityClientCommandLine extends BaseCertificateAuthorityCommandLine { public static final String DESCRIPTION = "Generates a private key and gets it signed by the certificate authority."; public static final String CERTIFICATE_DIRECTORY = "certificateDirectory"; + public static final String SUBJECT_ALTERNATIVE_NAME = "subjectAlternativeName"; --- End diff -- This should probably be plural. > TLS Toolkit - add the possibility to define a SAN in issued certificates > ------------------------------------------------------------------------ > > Key: NIFI-3331 > URL: https://issues.apache.org/jira/browse/NIFI-3331 > Project: Apache NiFi > Issue Type: Improvement > Components: Tools and Build > Reporter: Pierre Villard > Assignee: Pierre Villard > Labels: tls-toolkit > Fix For: 1.2.0 > > > To ease the deployment of a load balancer in front of NiFi, it would be nice to allow users to define a SAN in certificates issued by the CA. > To load balance the access to the UI or even with a ListenHTTP processor, both will cause errors with a "Host mismatch" kind of error because of different fqdn between nodes certificate and LB certificate. This is also discussed here: http://stackoverflow.com/questions/40035356/nifi-load-balancer -- This message was sent by Atlassian JIRA (v6.3.15#6346)