[
https://issues.apache.org/jira/browse/NIFI-15146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18033336#comment-18033336
]
Bill Kinzel commented on NIFI-15146:
------------------------------------
[~exceptionfactory] can you assign this ticket when you get a chance? thx
> Cluster Security: Client Authentication Deprecated (EKU)
> ---------------------------------------------------------
>
> Key: NIFI-15146
> URL: https://issues.apache.org/jira/browse/NIFI-15146
> Project: Apache NiFi
> Issue Type: Bug
> Components: Security
> Affects Versions: 2.6.0
> Reporter: Bill Kinzel
> Priority: Major
>
> We operate a three-node cluster using a publicly-trusted CA (DigiCert).
> We’ve learned that many public CAs are phasing out inclusion of the _Client
> Authentication_ EKU (Extended Key Usage) in publicly-trusted TLS
> certificates. Are there any plans underway to support node auth under this
> new paradigm? I know a private CA is an alternative, but not an option for
> us right now.
> For more detailed information, you can visit our [knowledge
> article|https://knowledge.digicert.com/alerts/sunsetting-client-authentication-eku-from-digicert-public-tls-certificates].
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
