Posted to issues@nifi.apache.org by "Veda Kadam (Jira)" <ji...@apache.org> on 2020/07/24 22:27:00 UTC
[jira] [Created] (NIFI-7673) Toolkit in diagnostic mode should verify independent node
Veda Kadam created NIFI-7673:
--------------------------------
Summary: Toolkit in diagnostic mode should verify independent node
Key: NIFI-7673
URL: https://issues.apache.org/jira/browse/NIFI-7673
Project: Apache NiFi
Issue Type: Improvement
Components: Configuration Management, Tools and Build
Affects Versions: 1.11.4
Reporter: Veda Kadam
Assignee: Veda Kadam
* Incomplete chain
* All nodes have wildcard certificates. Cannot identify one node from the other
* Use any certs as long as prerequisites are aligned with NiFi.
* Build monitoring for expiration of TLS certificates
* Ambari using NiFi CA, overrides/corrupts if using external certs
* Populate authorization.xml file if using external certs
* Have internal method to avoid removal of authorization.xml and users.xml
* Explicit document with prerequisites for certs
* --additionalCACertificate <arg> for Client-Server model
* Validate certs if not using CA toolkit
* Firewall/DNS issues resolving multiple nodes in cluster
* Independent node configuration verification
  # Priority 0
  # Addresses B, C, D, J
  # Description: Verifies each node has the correct configuration files and passwords available, and that the key/certificate contents of the keystore and truststore are correct for that node
  # Steps
    # Run on each node
    # Read the nifi.properties file
    # Verify the keystore and truststore are located at the correct file path
    # Verify the keystore password, key password, and truststore password are correct
    # Verify that the keystore contains a single private key entry and a public certificate which identifies this host
      # CN
      # SAN
      # Not wildcard (or at least unique SAN present)
      # EKU
      # Certificate validity dates
      # Key size
      # Other OIDs
    # Verify that the truststore contains at least one public certificate
    # Verify that the truststore contains a public certificate which verifies the private key in the keystore for this node (i.e. this node would trust itself/the signer of itself)
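The per-node steps listed in the issue can be expressed with the JDK's own `KeyStore` API. This is an added example, not code from the issue or from the NiFi toolkit; the class name `NodeTlsCheck` is hypothetical. It assumes plain-text passwords in nifi.properties, takes the properties path and the node's hostname as arguments, and treats the 2048-bit RSA minimum and the serverAuth plus clientAuth EKU requirement as assumptions.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.*;
public class NodeTlsCheck {
    // Throws if the file is missing or unreadable, or if the store password is wrong.
    static KeyStore load(Properties p, String prefix, String passKey) throws Exception {
        KeyStore ks = KeyStore.getInstance(p.getProperty(prefix + "Type", "JKS"));
        try (InputStream in = Files.newInputStream(Paths.get(p.getProperty(prefix, "")))) {
            ks.load(in, p.getProperty(passKey, "").toCharArray());
        }
        return ks;
    }
    public static void main(String[] args) throws Exception {
        Properties p = new Properties();
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) { p.load(in); }
        List<String> problems = new ArrayList<>();
        KeyStore ks = load(p, "nifi.security.keystore", "nifi.security.keystorePasswd");
        KeyStore ts = load(p, "nifi.security.truststore", "nifi.security.truststorePasswd");
        List<String> keys = new ArrayList<>();
        for (String a : Collections.list(ks.aliases())) if (ks.isKeyEntry(a)) keys.add(a);
        if (keys.size() != 1) throw new IllegalStateException("expected 1 private key entry, found " + keys.size());
        String keyPass = p.getProperty("nifi.security.keyPasswd", "");
        if (keyPass.isEmpty()) keyPass = p.getProperty("nifi.security.keystorePasswd", "");
        ks.getKey(keys.get(0), keyPass.toCharArray()); // UnrecoverableKeyException on a wrong key password
        java.security.cert.Certificate[] chain = ks.getCertificateChain(keys.get(0));
        X509Certificate cert = (X509Certificate) chain[0];
        try { cert.checkValidity(); } catch (Exception e) { problems.add("validity: " + e.getMessage()); }
        boolean sanOk = false; // exact dNSName (type 2) match, so a wildcard-only SAN does not pass
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans != null) for (List<?> s : sans)
            if (Integer.valueOf(2).equals(s.get(0)) && args[1].equalsIgnoreCase((String) s.get(1))) sanOk = true;
        if (!sanOk) problems.add("no SAN dNSName equal to " + args[1]);
        List<String> eku = cert.getExtendedKeyUsage(); // null when absent; assumed policy: both OIDs if present
        if (eku != null && !(eku.contains("1.3.6.1.5.5.7.3.1") && eku.contains("1.3.6.1.5.5.7.3.2")))
            problems.add("EKU present but lacks serverAuth and/or clientAuth");
        if (cert.getPublicKey() instanceof RSAPublicKey && ((RSAPublicKey) cert.getPublicKey()).getModulus().bitLength() < 2048)
            problems.add("RSA key shorter than 2048 bits"); // assumed minimum
        boolean trusted = false; // does any truststore certificate verify a certificate in this node's chain?
        for (java.security.cert.Certificate c : chain)
            for (String a : Collections.list(ts.aliases())) if (ts.isCertificateEntry(a))
                try { c.verify(ts.getCertificate(a).getPublicKey()); trusted = true; } catch (Exception e) { }
        if (!trusted) problems.add("truststore holds no certificate that verifies this node's chain");
        problems.forEach(System.out::println);
        System.exit(problems.isEmpty() ? 0 : 1);
    }
}
```

A missing store file, a wrong store or key password, or a keystore with more or fewer than one private key entry aborts with an exception; the remaining findings are printed one per line and the exit status is non-zero if any were found.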