[ https://issues.apache.org/jira/browse/NIFI-3490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15898477#comment-15898477 ]
ASF GitHub Bot commented on NIFI-3490:
--------------------------------------
Github user alopresto commented on the issue:
https://github.com/apache/nifi/pull/1530
@pvillard31 I reviewed this again. I like it; my only concern is that if
you run with `-SAN` it will still process and won't show any error, and a user
might expect it to generate a SAN in the keystore though it won't. As no one
other than the commenters on this PR has experienced this, however, I do not
think it should stop the inclusion of this feature.
```
hw12203:...assembly/target/nifi-toolkit-1.2.0-SNAPSHOT-bin/nifi-toolkit-1.2.0-SNAPSHOT (pr1530) alopresto
🔓 1224747s @ 16:32:49 $ ./bin/tls-toolkit.sh standalone -n localhost -O -S password -SAN hostname.com
2017/03/06 16:33:04 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandaloneCommandLine: No nifiPropertiesFile specified, using embedded one.
2017/03/06 16:33:04 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Running standalone certificate generation with output directory ../nifi-toolkit-1.2.0-SNAPSHOT
2017/03/06 16:33:04 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Using existing CA certificate ../nifi-toolkit-1.2.0-SNAPSHOT/nifi-cert.pem and key ../nifi-toolkit-1.2.0-SNAPSHOT/nifi-key.key
2017/03/06 16:33:04 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Overwriting any existing ssl configuration in ../nifi-toolkit-1.2.0-SNAPSHOT/localhost
2017/03/06 16:33:04 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Successfully generated TLS configuration for localhost 1 in ../nifi-toolkit-1.2.0-SNAPSHOT/localhost
2017/03/06 16:33:04 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: No clientCertDn specified, not generating any client certificates.
2017/03/06 16:33:04 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: tls-toolkit standalone completed successfully
hw12203:...assembly/target/nifi-toolkit-1.2.0-SNAPSHOT-bin/nifi-toolkit-1.2.0-SNAPSHOT (pr1530) alopresto
🔓 1224763s @ 16:33:05 $ keytool -list -v -keystore localhost/keystore.jks -storepass password
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: nifi-key
Creation date: Mar 6, 2017
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=localhost, OU=NIFI
Issuer: CN=localhost, OU=NIFI
Serial number: 15aa62f097a00000000
Valid from: Mon Mar 06 16:33:04 PST 2017 until: Thu Mar 05 16:33:04 PST 2020
Certificate fingerprints:
MD5: 52:CF:22:54:02:AB:22:8E:DE:AC:C8:2E:3F:8C:1B:2C
SHA1: 55:87:B5:20:8F:1F:03:F3:D2:68:85:F5:4E:49:85:D5:53:6A:27:11
SHA256: E1:6E:F6:89:73:70:26:31:57:CB:8B:E6:44:DA:32:0B:77:39:22:1D:EA:5E:B8:3E:2D:4F:24:4C:68:2A:A4:3F
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: D0 B6 50 54 15 F2 64 EA AA EB D4 82 A0 07 B4 2D ..PT..d........-
0010: 28 AC 66 CF (.f.
]
]
#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
#3: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
clientAuth
serverAuth
]
#4: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Key_Agreement
]
#5: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D0 DC A2 03 C9 18 03 B8 B1 1B 0E 11 BC A5 A7 CF ................
0010: 1F 68 3A 63 .h:c
]
]
Certificate[2]:
Owner: CN=localhost, OU=NIFI
Issuer: CN=localhost, OU=NIFI
Serial number: 15aa62eb59a00000000
Valid from: Mon Mar 06 16:32:43 PST 2017 until: Thu Mar 05 16:32:43 PST 2020
Certificate fingerprints:
MD5: 44:15:FC:42:BE:A3:A5:7E:C3:86:AF:82:50:51:E3:E4
SHA1: 38:D3:42:19:6C:71:5C:02:BF:8E:A1:02:DE:A3:D8:0C:D4:73:8D:B7
SHA256: 13:71:F8:1A:22:A3:43:93:29:1D:2F:41:F8:C0:1E:25:79:E2:D7:5D:28:53:5C:21:97:A0:68:6C:AD:39:18:62
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: D0 B6 50 54 15 F2 64 EA AA EB D4 82 A0 07 B4 2D ..PT..d........-
0010: 28 AC 66 CF (.f.
]
]
#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
#3: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
clientAuth
serverAuth
]
#4: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Key_Agreement
Key_CertSign
Crl_Sign
]
#5: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D0 B6 50 54 15 F2 64 EA AA EB D4 82 A0 07 B4 2D ..PT..d........-
0010: 28 AC 66 CF (.f.
]
]
*******************************************
*******************************************
hw12203:...assembly/target/nifi-toolkit-1.2.0-SNAPSHOT-bin/nifi-toolkit-1.2.0-SNAPSHOT (pr1530) alopresto
🔓 1224775s @ 16:33:17 $
```
> TLS Toolkit - define SAN in standalone mode
> -------------------------------------------
>
> Key: NIFI-3490
> URL: https://issues.apache.org/jira/browse/NIFI-3490
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Tools and Build
> Reporter: Pierre Villard
> Assignee: Pierre Villard
> Priority: Minor
> Labels: tls-toolkit
> Fix For: 1.2.0
>
>
> Following NIFI-3331, it would be useful to have the same option (add Subject
> Alternative Names in certificates) when using the TLS toolkit in standalone
> mode.
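A check for the situation described in the comment above, where the toolkit reports success but the leaf certificate carries no subjectAltName extension (OID 2.5.29.17). This is an added example, not part of the PR or of the NiFi toolkit; the function names and the abridged sample listing are constructed for illustration.

```shell
#!/bin/sh
# Print the DNSName entries of the subjectAltName extension (OID 2.5.29.17)
# of the leaf certificate (Certificate[1]) in `keytool -list -v` text on stdin.
leaf_san_names() {
    awk '
        /^Certificate\[[0-9]+\]:/ { leaf = ($0 ~ /^Certificate\[1\]:/); in_san = 0; next }
        !leaf                     { next }   # skip the CA certificate in the chain
        /^#[0-9]+: ObjectId:/     { in_san = ($0 ~ /ObjectId: 2\.5\.29\.17 /); next }
        in_san && /DNSName:/      { sub(/^.*DNSName:[ \t]*/, ""); print }
    '
}

# Exit 0 only if name $1 is among the leaf certificate's SAN DNS names.
leaf_has_san() {
    leaf_san_names | grep -Fqx -- "$1"
}

# Constructed sample in the layout of the listing above (abridged).
# Pass "san" to include the extension a -SAN user would expect to find.
sample_listing() {
    printf '%s\n' \
        'Certificate[1]:' \
        'Owner: CN=localhost, OU=NIFI' \
        '#1: ObjectId: 2.5.29.19 Criticality=false' \
        'BasicConstraints:[' \
        '  CA:false' \
        ']'
    if [ "$1" = san ]; then
        printf '%s\n' \
            '#2: ObjectId: 2.5.29.17 Criticality=false' \
            'SubjectAlternativeName [' \
            '  DNSName: hostname.com' \
            ']'
    fi
    printf '%s\n' 'Certificate[2]:' 'Owner: CN=localhost, OU=NIFI'
}

# Against a real keystore (path and password as in the session above):
#   keytool -list -v -keystore localhost/keystore.jks -storepass password \
#       | leaf_has_san hostname.com || echo "requested SAN is missing" >&2
for variant in none san; do
    if sample_listing "$variant" | leaf_has_san hostname.com; then
        echo "sample ($variant): SAN hostname.com present"
    else
        echo "sample ($variant): SAN hostname.com MISSING"
    fi
done
```

Running the check right after certificate generation turns the silent case into a non-zero exit status that a provisioning script can act on.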