[
https://issues.apache.org/jira/browse/NIFI-12169?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Paul Grey updated NIFI-12169:
-----------------------------
Description:
mailing list discussion:
- https://lists.apache.org/thread/vn1nzobtz4fh7fs461sgg8jj9zygrk0f
Eventual goal is the deprecation of TLS Toolkit [1] for targeted NiFi 2.0
release, in order to address maintenance concerns.
Generation of equivalent keystores and truststores for single development node
is covered by automatic self-signed certificate generation added in NiFi 1.14.0
[2]. Kubernetes cert-manager / organization-specific Certificate Authorities /
Let's Encrypt service provide coverage for keystore needs in production
deployments.
For development clusters, OpenSSL and Java Keytool provide another means to
generate NiFi-ready keystores to be used for secured communication between
cluster nodes. Documentation of needed "openssl/keytool" command sequences
should fill needs currently provided by TLS Toolkit.
Probable scope would include touches of Admin Guide
(administration-guide.adoc), Toolkit Guide (toolkit-guide.adoc), and
Walkthroughs (walkthroughs.adoc). Follow-on work would target the removal of
the current TLS Toolkit.
[1] https://github.com/apache/nifi/tree/main/nifi-toolkit/nifi-toolkit-tls
[2] https://issues.apache.org/jira/browse/NIFI-8403
was:
mailing list discussion:
- https://lists.apache.org/thread/vn1nzobtz4fh7fs461sgg8jj9zygrk0f
> Documentation updates to provide alternatives to usage of TLS Toolkit
> ----------------------------------------------------------------------
>
> Key: NIFI-12169
> URL: https://issues.apache.org/jira/browse/NIFI-12169
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Documentation & Website
> Reporter: Paul Grey
> Assignee: Paul Grey
> Priority: Minor
>
> mailing list discussion:
> - https://lists.apache.org/thread/vn1nzobtz4fh7fs461sgg8jj9zygrk0f
> Eventual goal is the deprecation of TLS Toolkit [1] for targeted NiFi 2.0
> release, in order to address maintenance concerns.
> Generation of equivalent keystores and truststores for single development
> node is covered by automatic self-signed certificate generation added in NiFi
> 1.14.0 [2]. Kubernetes cert-manager / organization-specific Certificate
> Authorities / Let's Encrypt service provide coverage for keystore needs in
> production deployments.
> For development clusters, OpenSSL and Java Keytool provide another means to
> generate NiFi-ready keystores to be used for secured communication between
> cluster nodes. Documentation of needed "openssl/keytool" command sequences
> should fill needs currently provided by TLS Toolkit.
> Probable scope would include touches of Admin Guide
> (administration-guide.adoc), Toolkit Guide (toolkit-guide.adoc), and
> Walkthroughs (walkthroughs.adoc). Follow-on work would target the removal of
> the current TLS Toolkit.
> [1] https://github.com/apache/nifi/tree/main/nifi-toolkit/nifi-toolkit-tls
> [2] https://issues.apache.org/jira/browse/NIFI-8403
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
