[jira] [Commented] (NIFI-3331) TLS Toolkit - add the possibility to define a SAN in issued certificates

Tue, 14 Feb 2017 12:44:13 -0800 

    [ 
https://issues.apache.org/jira/browse/NIFI-3331?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15866627#comment-15866627
 ] 

ASF GitHub Bot commented on NIFI-3331:
--------------------------------------

Github user alopresto commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/1491#discussion_r101138360
  
    --- Diff: 
nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/util/TlsHelper.java
 ---
    @@ -184,8 +192,27 @@ public static KeyPair generateKeyPair(String 
algorithm, int keySize) throws NoSu
             return createKeyPairGenerator(algorithm, 
keySize).generateKeyPair();
         }
     
    -    public static JcaPKCS10CertificationRequest 
generateCertificationRequest(String requestedDn, KeyPair keyPair, String 
signingAlgorithm) throws OperatorCreationException {
    +    public static JcaPKCS10CertificationRequest 
generateCertificationRequest(String requestedDn, String domainAlternativeName,
    +            KeyPair keyPair, String signingAlgorithm) throws 
OperatorCreationException {
             JcaPKCS10CertificationRequestBuilder 
jcaPKCS10CertificationRequestBuilder = new 
JcaPKCS10CertificationRequestBuilder(new X500Name(requestedDn), 
keyPair.getPublic());
    +
    +        // add Subject Alternative Name
    +        if(StringUtils.isNotBlank(domainAlternativeName)) {
    --- End diff --
    
    Variable should be plural as it can contain multiple entries. 


> TLS Toolkit - add the possibility to define a SAN in issued certificates
> ------------------------------------------------------------------------
>
>                 Key: NIFI-3331
>                 URL: https://issues.apache.org/jira/browse/NIFI-3331
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Tools and Build
>            Reporter: Pierre Villard
>            Assignee: Pierre Villard
>              Labels: tls-toolkit
>             Fix For: 1.2.0
>
>
> To ease the deployment of a load balancer in front of NiFi, it would be nice 
> to allow users to define a SAN in certificates issued by the CA.
> To load balance the access to the UI or even with a ListenHTTP processor, 
> both will cause errors with a "Host mismatch" kind of error because of 
> different fqdn between nodes certificate and LB certificate. This is also 
> discussed here: http://stackoverflow.com/questions/40035356/nifi-load-balancer



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to