Github user alopresto commented on the issue:
https://github.com/apache/nifi/pull/1530
@pvillard31 I reviewed this again. I like it; my only concern is that if
you run with `-SAN` it will still process; it won't show any error, and a user
might expect it to generate a SAN in the keystore, though it won't. As no one
other than the commenters on this PR has experienced this, however, I do not
think it should stop the inclusion of this feature.
```
hw12203:...assembly/target/nifi-toolkit-1.2.0-SNAPSHOT-bin/nifi-toolkit-1.2.0-SNAPSHOT (pr1530) alopresto
1224747s @ 16:32:49 $ ./bin/tls-toolkit.sh standalone -n localhost -O -S password -SAN hostname.com
2017/03/06 16:33:04 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandaloneCommandLine: No nifiPropertiesFile specified, using embedded one.
2017/03/06 16:33:04 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Running standalone certificate generation with output directory ../nifi-toolkit-1.2.0-SNAPSHOT
2017/03/06 16:33:04 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Using existing CA certificate ../nifi-toolkit-1.2.0-SNAPSHOT/nifi-cert.pem and key ../nifi-toolkit-1.2.0-SNAPSHOT/nifi-key.key
2017/03/06 16:33:04 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Overwriting any existing ssl configuration in ../nifi-toolkit-1.2.0-SNAPSHOT/localhost
2017/03/06 16:33:04 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Successfully generated TLS configuration for localhost 1 in ../nifi-toolkit-1.2.0-SNAPSHOT/localhost
2017/03/06 16:33:04 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: No clientCertDn specified, not generating any client certificates.
2017/03/06 16:33:04 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: tls-toolkit standalone completed successfully
hw12203:...assembly/target/nifi-toolkit-1.2.0-SNAPSHOT-bin/nifi-toolkit-1.2.0-SNAPSHOT (pr1530) alopresto
1224763s @ 16:33:05 $ keytool -list -v -keystore localhost/keystore.jks -storepass password
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: nifi-key
Creation date: Mar 6, 2017
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=localhost, OU=NIFI
Issuer: CN=localhost, OU=NIFI
Serial number: 15aa62f097a00000000
Valid from: Mon Mar 06 16:33:04 PST 2017 until: Thu Mar 05 16:33:04 PST 2020
Certificate fingerprints:
MD5: 52:CF:22:54:02:AB:22:8E:DE:AC:C8:2E:3F:8C:1B:2C
SHA1: 55:87:B5:20:8F:1F:03:F3:D2:68:85:F5:4E:49:85:D5:53:6A:27:11
SHA256: E1:6E:F6:89:73:70:26:31:57:CB:8B:E6:44:DA:32:0B:77:39:22:1D:EA:5E:B8:3E:2D:4F:24:4C:68:2A:A4:3F
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: D0 B6 50 54 15 F2 64 EA AA EB D4 82 A0 07 B4 2D ..PT..d........-
0010: 28 AC 66 CF (.f.
]
]
#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
#3: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
clientAuth
serverAuth
]
#4: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Key_Agreement
]
#5: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D0 DC A2 03 C9 18 03 B8 B1 1B 0E 11 BC A5 A7 CF ................
0010: 1F 68 3A 63 .h:c
]
]
Certificate[2]:
Owner: CN=localhost, OU=NIFI
Issuer: CN=localhost, OU=NIFI
Serial number: 15aa62eb59a00000000
Valid from: Mon Mar 06 16:32:43 PST 2017 until: Thu Mar 05 16:32:43 PST 2020
Certificate fingerprints:
MD5: 44:15:FC:42:BE:A3:A5:7E:C3:86:AF:82:50:51:E3:E4
SHA1: 38:D3:42:19:6C:71:5C:02:BF:8E:A1:02:DE:A3:D8:0C:D4:73:8D:B7
SHA256: 13:71:F8:1A:22:A3:43:93:29:1D:2F:41:F8:C0:1E:25:79:E2:D7:5D:28:53:5C:21:97:A0:68:6C:AD:39:18:62
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: D0 B6 50 54 15 F2 64 EA AA EB D4 82 A0 07 B4 2D ..PT..d........-
0010: 28 AC 66 CF (.f.
]
]
#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
#3: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
clientAuth
serverAuth
]
#4: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Key_Agreement
Key_CertSign
Crl_Sign
]
#5: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D0 B6 50 54 15 F2 64 EA AA EB D4 82 A0 07 B4 2D ..PT..d........-
0010: 28 AC 66 CF (.f.
]
]
*******************************************
*******************************************
hw12203:...assembly/target/nifi-toolkit-1.2.0-SNAPSHOT-bin/nifi-toolkit-1.2.0-SNAPSHOT (pr1530) alopresto
1224775s @ 16:33:17 $
```
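A check for the silent no-op described in the comment above, as an added example that is not part of the original comment or the NiFi code base: it reads `keytool -list -v` output and fails unless the leaf certificate (`Certificate[1]`) lists the expected DNS name in a SubjectAlternativeName block. The function and sample names are hypothetical, both samples are constructed, and the SAN layout is assumed to be keytool's usual `SubjectAlternativeName [ DNSName: ... ]` form.

```shell
# Added example (not NiFi code): check keytool output for an expected SAN.
# leaf_has_san EXPECTED_DNS  -- reads `keytool -list -v` output on stdin;
# exits 0 only if Certificate[1] has "DNSName: EXPECTED_DNS" in its SAN block.
leaf_has_san() {
    awk -v want="$1" '
        /^Certificate\[1\]:/      { leaf = 1; next }      # leaf certificate starts
        /^Certificate\[[0-9]+\]:/ { leaf = 0; san = 0 }   # CA certificates: ignored
        leaf && /SubjectAlternativeName \[/ { san = 1; next }
        san && /^[ \t]*\]/        { san = 0 }             # end of the SAN block
        leaf && san && /^[ \t]*DNSName:/ {
            name = $0
            sub(/^[ \t]*DNSName:[ \t]*/, "", name)
            sub(/[ \t]+$/, "", name)
            if (tolower(name) == tolower(want)) found = 1  # DNS names: case-insensitive
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample: abridged entry shaped like the listing above (no SAN extension).
sample_without_san() { cat <<'EOF'
Certificate[1]:
Owner: CN=localhost, OU=NIFI
Extensions:
#1: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  clientAuth
  serverAuth
]
Certificate[2]:
EOF
}

# Constructed sample: the same entry with a SAN extension on the leaf.
sample_with_san() { cat <<'EOF'
Certificate[1]:
Owner: CN=localhost, OU=NIFI
Extensions:
#1: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: hostname.com
]
Certificate[2]:
EOF
}

# Real use: keytool -list -v -keystore ... -storepass ... | leaf_has_san hostname.com
sample_without_san | leaf_has_san hostname.com || echo "no SAN for hostname.com on leaf" >&2
```
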