nifi-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (Jira)" <j...@apache.org>
Subject [jira] [Commented] (NIFI-7053) Update Toolkit Guide with macOS 10.15 trusted certificate requirements (2048 bit key and max of 825 days of validity)
Date Fri, 14 Feb 2020 18:32:00 GMT

    [ https://issues.apache.org/jira/browse/NIFI-7053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17037180#comment-17037180
] 

ASF subversion and git services commented on NIFI-7053:
-------------------------------------------------------

Commit 85cc5689e636bd3e727872e8feb2834cd7ffeb7a in nifi's branch refs/heads/support/nifi-1.11.x
from Andrew Lim
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=85cc568 ]

NIFI-7053 Update Toolkit Guide with macOS 10.15 requirements for trus… (#4018)

* NIFI-7053 Update Toolkit Guide with macOS 10.15 requirements for trusted certificates

* Simplified note about trusted certs in macOS 10.15

Signed-off-by: Andy LoPresto <alopresto@apache.org>

> Update Toolkit Guide with macOS 10.15  trusted certificate requirements (2048 bit key
and max of 825 days of validity)
> ----------------------------------------------------------------------------------------------------------------------
>
>                 Key: NIFI-7053
>                 URL: https://issues.apache.org/jira/browse/NIFI-7053
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Documentation &amp; Website, Security
>            Reporter: Andrew M. Lim
>            Assignee: Andrew M. Lim
>            Priority: Major
>             Fix For: 1.12.0, 1.11.2
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> I was testing secured NiFi and NiFi Registry on macOS 10.15.2 using certs generated by
the TLS Toolkit.  I was able to access the UIs of both apps using Safari but not able to
with Chrome due to a NET::ERR_CERT_REVOKED error which I had never seen before.  Turns out
this is a known issue on Catalina ([https://support.apple.com/en-us/HT210176]). macOSX 10.15
requires certs to be:
>  * valid for 825 days or less
>  * a minimum 2048 bit key
> By default, the TLS Toolkit sets the number of days the cert should be valid for to 1095
days and the number of bits for generated keys to 2048. Generating new certs with the required
825 validity solved the issue.
> We should document this in the Toolkit Guide for the Mac users in the NiFi community.
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message