[
https://issues.apache.org/jira/browse/NIFI-3331?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15867550#comment-15867550
]
ASF GitHub Bot commented on NIFI-3331:
--------------------------------------
Github user alopresto commented on the issue:
https://github.com/apache/nifi/pull/1491
Standalone mode still interacts with a CA (something has to sign the issued
node certificates), it's just that the CA runs ephemerally on the same system
as the command-line invocation as opposed to on another instance in the
client/server model.
I agree that a new Jira is sufficient to capture this feature because it is
more *likely* someone deploying lots of nodes behind a load balancer would be
using the client/server model.
> TLS Toolkit - add the possibility to define a SAN in issued certificates
> ------------------------------------------------------------------------
>
> Key: NIFI-3331
> URL: https://issues.apache.org/jira/browse/NIFI-3331
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Tools and Build
> Affects Versions: 1.1.1
> Reporter: Pierre Villard
> Assignee: Pierre Villard
> Labels: tls-toolkit
> Fix For: 1.2.0
>
>
> To ease the deployment of a load balancer in front of NiFi, it would be nice
> to allow users to define a SAN in certificates issued by the CA.
> To load balance the access to the UI or even with a ListenHTTP processor,
> both will cause errors with a "Host mismatch" kind of error because of
> different fqdn between nodes certificate and LB certificate. This is also
> discussed here: http://stackoverflow.com/questions/40035356/nifi-load-balancer
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
