You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Bryan Rosander (JIRA)" <ji...@apache.org> on 2016/10/27 19:40:58 UTC
[jira] [Commented] (NIFI-2959) TLS Toolkit should provide the
correct DN to authorizers.xml for the Initial Admin Identity
[ https://issues.apache.org/jira/browse/NIFI-2959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15612957#comment-15612957 ]
Bryan Rosander commented on NIFI-2959:
--------------------------------------
Client mode does log DN but could be clearer about it ex:
{code}
2016-10-27 15:12:10,319 INFO [main] o.a.n.t.t.s.c.TlsCertificateSigningRequestPerformer Got certificate with dn CN=localhost, OU=NIFI
{code}
Standalone needs similar logging and they both need to be clearer about what should be copied to authorizers.xml
> TLS Toolkit should provide the correct DN to authorizers.xml for the Initial Admin Identity
> -------------------------------------------------------------------------------------------
>
> Key: NIFI-2959
> URL: https://issues.apache.org/jira/browse/NIFI-2959
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Tools and Build
> Affects Versions: 1.0.0
> Reporter: Andy LoPresto
> Labels: security, tls-toolkit
>
> Users frequently experience a user permission error when trying to access a secured instance of NiFi after using the TLS toolkit to create a client certificate because the whitespace formatting of the provided DN differs from the resulting certificate subject. The toolkit should output a clear log line with the exact string that should be copied to {{authorizers.xml}} *Initial Admin Identity* when a client certificate is generated, and if a special flag is invoked during the command line call, the provided {{authorizers.xml}} should be updated directly.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)