Bill Kinzel created NIFI-15146:
----------------------------------
Summary: Client Authentication Extended Key Usage (EKU)
Key: NIFI-15146
URL: https://issues.apache.org/jira/browse/NIFI-15146
Project: Apache NiFi
Issue Type: Bug
Components: Security
Affects Versions: 2.6.0
Reporter: Bill Kinzel
We operate a three-node cluster using a publicly-trusted CA (DigiCert). We’ve
learned that many public CAs are phasing out inclusion of the _Client
Authentication_ EKU (Extended Key Usage) in publicly-trusted TLS certificates.
Are there any plans underway to support node auth under this new paradigm? I
know a private CA is an alternative, but not an option for us right now.
For more detailed information, you can visit our [knowledge
article|https://knowledge.digicert.com/alerts/sunsetting-client-authentication-eku-from-digicert-public-tls-certificates].
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
