Github user alopresto commented on the issue:

    https://github.com/apache/nifi/pull/2042
  
    Verified that all tests and contrib-check pass. When run with no SAN 
arguments, the CN is present as a SAN. When run with additional SAN arguments, 
all are present. +1, merging. 
    
    No SAN:
    ```
    
hw12203:...assembly/target/nifi-toolkit-1.4.0-SNAPSHOT-bin/nifi-toolkit-1.4.0-SNAPSHOT
 (pr2042) alopresto
    🔓 186058s @ 18:43:33 $ ./bin/tls-toolkit.sh standalone -n 
'nifi.nifi.apache.org' -P password -S password -f 
../../../../../nifi-assembly/target/nifi-1.4.0-SNAPSHOT-bin/nifi-1.4.0-SNAPSHOT/conf/nifi.properties
    2017/08/09 18:58:45 INFO [main] 
org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandaloneCommandLine: Using 
../../../../../nifi-assembly/target/nifi-1.4.0-SNAPSHOT-bin/nifi-1.4.0-SNAPSHOT/conf/nifi.properties
 as template.
    2017/08/09 18:58:46 INFO [main] 
org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Running standalone 
certificate generation with output directory ../nifi-toolkit-1.4.0-SNAPSHOT
    2017/08/09 18:58:46 INFO [main] 
org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Generated new CA 
certificate ../nifi-toolkit-1.4.0-SNAPSHOT/nifi-cert.pem and key 
../nifi-toolkit-1.4.0-SNAPSHOT/nifi-key.key
    2017/08/09 18:58:46 INFO [main] 
org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Writing new ssl 
configuration to ../nifi-toolkit-1.4.0-SNAPSHOT/nifi.nifi.apache.org
    2017/08/09 18:58:46 INFO [main] 
org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Successfully 
generated TLS configuration for nifi.nifi.apache.org 1 in 
../nifi-toolkit-1.4.0-SNAPSHOT/nifi.nifi.apache.org
    2017/08/09 18:58:46 INFO [main] 
org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: No clientCertDn 
specified, not generating any client certificates.
    2017/08/09 18:58:46 INFO [main] 
org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: tls-toolkit 
standalone completed successfully
    
hw12203:...assembly/target/nifi-toolkit-1.4.0-SNAPSHOT-bin/nifi-toolkit-1.4.0-SNAPSHOT
 (pr2042) alopresto
    🔓 186980s @ 18:58:55 $ cd nifi.nifi.apache.org/
    
hw12203:...toolkit-1.4.0-SNAPSHOT-bin/nifi-toolkit-1.4.0-SNAPSHOT/nifi.nifi.apache.org
 (pr2042) alopresto
    🔓 186988s @ 18:59:03 $ keytool -list -v -keystore keystore.jks
    Enter keystore password:
    
    Keystore type: JKS
    Keystore provider: SUN
    
    Your keystore contains 1 entry
    
    Alias name: nifi-key
    Creation date: Aug 9, 2017
    Entry type: PrivateKeyEntry
    Certificate chain length: 2
    Certificate[1]:
    Owner: CN=nifi.nifi.apache.org, OU=NIFI
    Issuer: CN=localhost, OU=NIFI
    Serial number: 15dc9dd8f3900000000
    Valid from: Wed Aug 09 18:58:46 PDT 2017 until: Sat Aug 08 18:58:46 PDT 2020
    Certificate fingerprints:
         MD5:  E4:E8:C4:19:C1:06:86:17:C8:E5:13:F6:6F:54:0F:AE
         SHA1: 92:6B:FD:9D:89:55:A5:48:AD:31:A3:FD:A3:A6:6C:A5:C4:A8:31:0E
         SHA256: 
54:8D:30:D2:ED:9A:B0:AE:8C:37:40:9F:2F:80:2D:4A:DC:5D:14:2E:15:57:4C:71:CF:77:D6:F0:3F:92:6D:04
         Signature algorithm name: SHA256withRSA
         Version: 3
    
    Extensions:
    
    #1: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: 6B 65 AB 68 5A 0A CB 59   A2 B9 0B 9E 36 2D 60 47  ke.hZ..Y....6-`G
    0010: 21 08 08 25                                        !..%
    ]
    ]
    
    #2: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
      CA:false
      PathLen: undefined
    ]
    
    #3: ObjectId: 2.5.29.37 Criticality=false
    ExtendedKeyUsages [
      clientAuth
      serverAuth
    ]
    
    #4: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
      DigitalSignature
      Non_repudiation
      Key_Encipherment
      Data_Encipherment
      Key_Agreement
    ]
    
    #5: ObjectId: 2.5.29.17 Criticality=false
    SubjectAlternativeName [
      DNSName: nifi.nifi.apache.org
    ]
    
    #6: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: D9 18 43 B3 38 24 18 89   E6 1B 62 D7 AB 35 C5 14  ..C.8$....b..5..
    0010: 88 E9 19 E3                                        ....
    ]
    ]
    
    Certificate[2]:
    Owner: CN=localhost, OU=NIFI
    Issuer: CN=localhost, OU=NIFI
    Serial number: 15dc9dd8d4c00000000
    Valid from: Wed Aug 09 18:58:46 PDT 2017 until: Sat Aug 08 18:58:46 PDT 2020
    Certificate fingerprints:
         MD5:  A1:9E:4A:7C:65:F1:B7:E9:8F:4D:D0:18:74:E8:AA:2E
         SHA1: CD:31:8B:74:85:C7:21:4A:DB:F6:58:34:69:B7:19:6C:3B:9E:CE:00
         SHA256: 
A9:AB:C5:73:9D:B3:ED:C3:D5:79:BD:4B:E0:14:1D:0F:DC:68:41:BC:09:70:5B:2D:BD:E0:AB:49:55:14:79:3B
         Signature algorithm name: SHA256withRSA
         Version: 3
    
    Extensions:
    
    #1: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: 6B 65 AB 68 5A 0A CB 59   A2 B9 0B 9E 36 2D 60 47  ke.hZ..Y....6-`G
    0010: 21 08 08 25                                        !..%
    ]
    ]
    
    #2: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
      CA:true
      PathLen:2147483647
    ]
    
    #3: ObjectId: 2.5.29.37 Criticality=false
    ExtendedKeyUsages [
      clientAuth
      serverAuth
    ]
    
    #4: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
      DigitalSignature
      Non_repudiation
      Key_Encipherment
      Data_Encipherment
      Key_Agreement
      Key_CertSign
      Crl_Sign
    ]
    
    #5: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 6B 65 AB 68 5A 0A CB 59   A2 B9 0B 9E 36 2D 60 47  ke.hZ..Y....6-`G
    0010: 21 08 08 25                                        !..%
    ]
    ]
    
    
    
    *******************************************
    *******************************************
    
    
    
hw12203:...toolkit-1.4.0-SNAPSHOT-bin/nifi-toolkit-1.4.0-SNAPSHOT/nifi.nifi.apache.org
 (pr2042) alopresto
    🔓 186999s @ 18:59:14 $
    ```
    
    Additional SAN:
    ```
    
hw12203:...assembly/target/nifi-toolkit-1.4.0-SNAPSHOT-bin/nifi-toolkit-1.4.0-SNAPSHOT
 (pr2042) alopresto
    🔓 187123s @ 19:01:18 $ ./bin/tls-toolkit.sh standalone -n 
'nifi.nifi.apache.org' -P password -S password -f 
../../../../../nifi-assembly/target/nifi-1.4.0-SNAPSHOT-bin/nifi-1.4.0-SNAPSHOT/conf/nifi.properties
 -O --subjectAlternativeNames '127.0.0.1,localhost'
    2017/08/09 19:01:43 INFO [main] 
org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandaloneCommandLine: Using 
../../../../../nifi-assembly/target/nifi-1.4.0-SNAPSHOT-bin/nifi-1.4.0-SNAPSHOT/conf/nifi.properties
 as template.
    2017/08/09 19:01:43 INFO [main] 
org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Running standalone 
certificate generation with output directory ../nifi-toolkit-1.4.0-SNAPSHOT
    2017/08/09 19:01:44 INFO [main] 
org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Using existing CA 
certificate ../nifi-toolkit-1.4.0-SNAPSHOT/nifi-cert.pem and key 
../nifi-toolkit-1.4.0-SNAPSHOT/nifi-key.key
    2017/08/09 19:01:44 INFO [main] 
org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Overwriting any 
existing ssl configuration in 
../nifi-toolkit-1.4.0-SNAPSHOT/nifi.nifi.apache.org
    2017/08/09 19:01:44 INFO [main] 
org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Successfully 
generated TLS configuration for nifi.nifi.apache.org 1 in 
../nifi-toolkit-1.4.0-SNAPSHOT/nifi.nifi.apache.org
    2017/08/09 19:01:44 INFO [main] 
org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: No clientCertDn 
specified, not generating any client certificates.
    2017/08/09 19:01:44 INFO [main] 
org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: tls-toolkit 
standalone completed successfully
    
hw12203:...assembly/target/nifi-toolkit-1.4.0-SNAPSHOT-bin/nifi-toolkit-1.4.0-SNAPSHOT
 (pr2042) alopresto
    🔓 187150s @ 19:01:45 $ cd nifi.nifi.apache.org/
    
hw12203:...toolkit-1.4.0-SNAPSHOT-bin/nifi-toolkit-1.4.0-SNAPSHOT/nifi.nifi.apache.org
 (pr2042) alopresto
    🔓 187156s @ 19:01:51 $ keytool -list -v -keystore keystore.jks
    Enter keystore password:
    
    Keystore type: JKS
    Keystore provider: SUN
    
    Your keystore contains 1 entry
    
    Alias name: nifi-key
    Creation date: Aug 9, 2017
    Entry type: PrivateKeyEntry
    Certificate chain length: 2
    Certificate[1]:
    Owner: CN=nifi.nifi.apache.org, OU=NIFI
    Issuer: CN=localhost, OU=NIFI
    Serial number: 15dc9e0465100000000
    Valid from: Wed Aug 09 19:01:44 PDT 2017 until: Sat Aug 08 19:01:44 PDT 2020
    Certificate fingerprints:
         MD5:  AA:D1:5F:CC:BA:BE:ED:4D:5E:08:DB:2E:6D:E6:95:57
         SHA1: F3:8B:A5:41:28:69:8F:0C:91:08:70:EB:F6:BE:B1:58:EE:F4:7B:8D
         SHA256: 
B1:78:8C:05:11:F1:A8:BD:A7:33:EA:8D:9C:B2:FC:A2:C2:94:7D:30:48:77:0A:05:0F:CB:C1:FD:5D:A2:94:66
         Signature algorithm name: SHA256withRSA
         Version: 3
    
    Extensions:
    
    #1: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: 6B 65 AB 68 5A 0A CB 59   A2 B9 0B 9E 36 2D 60 47  ke.hZ..Y....6-`G
    0010: 21 08 08 25                                        !..%
    ]
    ]
    
    #2: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
      CA:false
      PathLen: undefined
    ]
    
    #3: ObjectId: 2.5.29.37 Criticality=false
    ExtendedKeyUsages [
      clientAuth
      serverAuth
    ]
    
    #4: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
      DigitalSignature
      Non_repudiation
      Key_Encipherment
      Data_Encipherment
      Key_Agreement
    ]
    
    #5: ObjectId: 2.5.29.17 Criticality=false
    SubjectAlternativeName [
      DNSName: nifi.nifi.apache.org
      DNSName: 127.0.0.1
      DNSName: localhost
    ]
    
    #6: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 8F 4B 1A 98 92 C5 17 70   B7 C8 F6 9D 5D D3 66 4C  .K.....p....].fL
    0010: 8F F9 3C 19                                        ..<.
    ]
    ]
    
    Certificate[2]:
    Owner: CN=localhost, OU=NIFI
    Issuer: CN=localhost, OU=NIFI
    Serial number: 15dc9dd8d4c00000000
    Valid from: Wed Aug 09 18:58:46 PDT 2017 until: Sat Aug 08 18:58:46 PDT 2020
    Certificate fingerprints:
         MD5:  A1:9E:4A:7C:65:F1:B7:E9:8F:4D:D0:18:74:E8:AA:2E
         SHA1: CD:31:8B:74:85:C7:21:4A:DB:F6:58:34:69:B7:19:6C:3B:9E:CE:00
         SHA256: 
A9:AB:C5:73:9D:B3:ED:C3:D5:79:BD:4B:E0:14:1D:0F:DC:68:41:BC:09:70:5B:2D:BD:E0:AB:49:55:14:79:3B
         Signature algorithm name: SHA256withRSA
         Version: 3
    
    Extensions:
    
    #1: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: 6B 65 AB 68 5A 0A CB 59   A2 B9 0B 9E 36 2D 60 47  ke.hZ..Y....6-`G
    0010: 21 08 08 25                                        !..%
    ]
    ]
    
    #2: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
      CA:true
      PathLen:2147483647
    ]
    
    #3: ObjectId: 2.5.29.37 Criticality=false
    ExtendedKeyUsages [
      clientAuth
      serverAuth
    ]
    
    #4: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
      DigitalSignature
      Non_repudiation
      Key_Encipherment
      Data_Encipherment
      Key_Agreement
      Key_CertSign
      Crl_Sign
    ]
    
    #5: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 6B 65 AB 68 5A 0A CB 59   A2 B9 0B 9E 36 2D 60 47  ke.hZ..Y....6-`G
    0010: 21 08 08 25                                        !..%
    ]
    ]
    
    
    
    *******************************************
    *******************************************
    
    
    
hw12203:...toolkit-1.4.0-SNAPSHOT-bin/nifi-toolkit-1.4.0-SNAPSHOT/nifi.nifi.apache.org
 (pr2042) alopresto
    🔓 187163s @ 19:01:57 $
    ```


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Reply via email to