You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Andy LoPresto (JIRA)" <ji...@apache.org> on 2019/02/11 03:45:00 UTC
[jira] [Updated] (NIFI-6012) NiFi toolkit, tls-toolkit.sh server,
doesnt support 3rd party Certificate of Authoprity
[ https://issues.apache.org/jira/browse/NIFI-6012?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andy LoPresto updated NIFI-6012:
--------------------------------
Labels: certificate security tls tls-toolkit (was: )
> NiFi toolkit, tls-toolkit.sh server, doesnt support 3rd party Certificate of Authoprity
> ---------------------------------------------------------------------------------------
>
> Key: NIFI-6012
> URL: https://issues.apache.org/jira/browse/NIFI-6012
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Tools and Build
> Reporter: Erik Anderson
> Assignee: Andy LoPresto
> Priority: Major
> Labels: certificate, security, tls, tls-toolkit
>
> Original details are here.
> [link certificate chain of trust |https://mail-archives.apache.org/mod_mbox/nifi-dev/201902.mbox/%3Cb7825d4c-8cdb-4b2e-b625-7942ce067292%40www.fastmail.com%3E]
> When running the NiFi toolkit ../bin/tls-toolkit.sh server, how do I get the server to include an additional public certificate of authority in the truststore.jks file?
> I was looking through the nifi-toolkit-tls code,
> For the start sequences of the
> ../bin/tls-toolkit.sh server
> I would like to recommend an additional option in the client (or server mode)
> --additionalTrust=[keystore alias],[keystore alias],[keystore alias]
> What this would do is when a client calls the tls-toolkit.sh server, the server would extract these alias stored in the nifi-ca-keystore.jks, and add to the returned truststore.jks file.
> Example:
> --additionalTrust: nifi-cli, digicert, myca
> There seems to be a feature in
> ../bin/tls-toolkit.sh standalone
> --additionalCACertificate
> Which might be a similar feature.
> This would allow an enterprise that installs MITM proxies, to include additional certificates into the trust chain.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)