nifi-issues mailing list archives

From GitBox <...@apache.org>
Subject [GitHub] [nifi] alopresto commented on pull request #4503: NIFI-7767 - Fixed issue with tls-toolkit not adding SANs to generated…
Date Tue, 01 Sep 2020 23:29:57 GMT

alopresto commented on pull request #4503:
URL: https://github.com/apache/nifi/pull/4503#issuecomment-685186622


   Verified the full build and the new unit tests ran successfully. Used the tool in client/server
mode to generate two new keystores. The first was invoked with only a DN and had the CN successfully
populated as a SAN. The second was invoked with explicit SAN entries and had all provided
hosts listed as SANs. +1, merging. 
   
   ```
    ..13.0-SNAPSHOT   pr4503 ●  ./bin/tls-toolkit.sh client -D CN=node1.nifi -p 9999 -t tokentokentokent
   2020/09/01 16:18:42 INFO [main] org.apache.nifi.toolkit.tls.service.client.TlsCertificateAuthorityClient: Requesting new certificate from localhost:9999
   2020/09/01 16:18:43 INFO [main] org.apache.nifi.toolkit.tls.service.client.TlsCertificateSigningRequestPerformer: Requesting certificate with dn CN=node1.nifi from localhost:9999
   2020/09/01 16:18:43 INFO [main] org.apache.nifi.toolkit.tls.service.client.TlsCertificateSigningRequestPerformer: Got certificate with dn CN=node1.nifi
    ..13.0-SNAPSHOT   pr4503 ●  keytool -list -v -keystore keystore.jks                  16:18:47
   
   Keystore type: JKS
   Keystore provider: SUN
   
   Your keystore contains 1 entry
   
   Alias name: nifi-key
   Creation date: Sep 1, 2020
   Entry type: PrivateKeyEntry
   Certificate chain length: 2
   Certificate[1]:
   Owner: CN=node1.nifi
   Issuer: CN=localhost, OU=NIFI
   Serial number: 1744bf7293f00000000
   Valid from: Tue Sep 01 16:18:43 PDT 2020 until: Mon Dec 05 15:18:43 PST 2022
   Certificate fingerprints:
   	 SHA1: FF:69:2D:99:90:C2:7C:90:7F:07:51:84:53:A4:DD:12:8A:2C:76:D0
   	 SHA256: 41:F0:71:40:B7:9E:D8:4E:BC:71:78:9B:2F:1C:F7:8B:3D:34:93:74:93:98:6E:A8:E0:48:E8:6A:D2:52:5C:DB
   Signature algorithm name: SHA256withRSA
   Subject Public Key Algorithm: 2048-bit RSA key
   Version: 3
   
   Extensions:
   
   ...
   
   #5: ObjectId: 2.5.29.17 Criticality=false
   SubjectAlternativeName [
     DNSName: node1.nifi
   ]
   
   ...
   
    ..13.0-SNAPSHOT   pr4503 ●  nocorrect mv config.json node1.json                      16:20:44
    ..13.0-SNAPSHOT   pr4503 ●  nocorrect mv keystore.jks node1.jks                      16:23:00
    ..13.0-SNAPSHOT   pr4503 ●  nocorrect mv truststore.jks node1_ts.jks                 16:23:19
    ..13.0-SNAPSHOT   pr4503 ●  ./bin/tls-toolkit.sh client -D CN=node2.nifi -p 9999 -t tokentokentokent --subjectAlternativeNames san.nifi,san2.nifi,san3.nifi
   2020/09/01 16:23:35 INFO [main] org.apache.nifi.toolkit.tls.service.client.TlsCertificateAuthorityClient: Requesting new certificate from localhost:9999
   2020/09/01 16:23:36 INFO [main] org.apache.nifi.toolkit.tls.service.client.TlsCertificateSigningRequestPerformer: Requesting certificate with dn CN=node2.nifi from localhost:9999
   2020/09/01 16:23:36 INFO [main] org.apache.nifi.toolkit.tls.service.client.TlsCertificateSigningRequestPerformer: Got certificate with dn CN=node2.nifi
    ..13.0-SNAPSHOT   pr4503 ●  keytool -list -v -keystore keystore.jks                  16:24:01
   
   Keystore type: JKS
   Keystore provider: SUN
   
   Your keystore contains 1 entry
   
   Alias name: nifi-key
   Creation date: Sep 1, 2020
   Entry type: PrivateKeyEntry
   Certificate chain length: 2
   Certificate[1]:
   Owner: CN=node2.nifi
   Issuer: CN=localhost, OU=NIFI
   Serial number: 1744bfba2b100000000
   Valid from: Tue Sep 01 16:23:36 PDT 2020 until: Mon Dec 05 15:23:36 PST 2022
   Certificate fingerprints:
   	 SHA1: 27:C7:3D:11:DD:D1:F2:24:2C:FC:2A:59:B4:E5:89:29:2B:79:D1:80
   	 SHA256: A3:FE:70:BB:8B:34:50:91:21:C3:FA:3B:91:07:22:74:E4:5B:AD:FA:F5:CE:A0:2B:82:A5:93:80:CC:E9:81:52
   Signature algorithm name: SHA256withRSA
   Subject Public Key Algorithm: 2048-bit RSA key
   Version: 3
   
   Extensions:
   
   ...
   
   #5: ObjectId: 2.5.29.17 Criticality=false
   SubjectAlternativeName [
     DNSName: node2.nifi
     DNSName: san.nifi
     DNSName: san2.nifi
     DNSName: san3.nifi
   ]
   
   ...
   ```


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
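
The manual check in the session above (is the certificate's CN, plus every requested host, listed as a DNS SAN?) can be scripted against `keytool -list -v` output. This is an added example, not part of the original comment or of NiFi's code; the function names are hypothetical, the sample text is constructed, and it assumes a PrivateKeyEntry keystore whose output has the `Certificate[n]:` layout shown above, with exact case-insensitive name matching.

```python
import re
import sys

# Constructed sample: trimmed `keytool -list -v` output in the shape shown above.
SAMPLE = """\
Certificate[1]:
Owner: CN=node2.nifi
#5: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: node2.nifi
  DNSName: san.nifi
]
Certificate[2]:
Owner: CN=localhost, OU=NIFI
"""

def parse_certs(text):
    """One dict per 'Certificate[n]:' section: owner CN and DNS SAN list."""
    certs, cur, in_san = [], None, False
    for line in (raw.strip() for raw in text.splitlines()):
        if re.match(r"Certificate\[\d+\]:", line):
            cur, in_san = {"owner_cn": None, "sans": []}, False
            certs.append(cur)
        elif cur is None:
            continue  # keystore header lines before the first certificate
        elif line.startswith("Owner:"):
            m = re.search(r"CN=([^,]+)", line)
            cur["owner_cn"] = m.group(1).strip() if m else None
        elif line.startswith("SubjectAlternativeName ["):
            in_san = True
        elif in_san and line == "]":
            in_san = False
        elif in_san and line.startswith("DNSName:"):
            cur["sans"].append(line.split(":", 1)[1].strip())
    return certs

def leaf_missing_sans(text, required=()):
    """Names (leaf CN plus required hosts) absent from the leaf's DNS SANs."""
    certs = parse_certs(text)
    if not certs:
        raise ValueError("no Certificate[n] section in keytool output")
    leaf = certs[0]  # Certificate[1] of a PrivateKeyEntry is the end-entity cert
    have = {s.lower() for s in leaf["sans"]}
    wanted = [n for n in (leaf["owner_cn"], *required) if n]
    return [n for n in wanted if n.lower() not in have]

if __name__ == "__main__":  # keytool -list -v -keystore ks.jks | python check.py [host ...]
    missing = leaf_missing_sans(sys.stdin.read(), sys.argv[1:])
    sys.exit(f"missing SANs: {missing}" if missing else 0)
```

Only the first certificate of the chain is checked, since the issuing CA certificate is not expected to carry the node's host names.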


