[
https://issues.apache.org/jira/browse/NIFI-5473?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16564317#comment-16564317
]
ASF GitHub Bot commented on NIFI-5473:
--------------------------------------
Github user alopresto commented on the issue:
https://github.com/apache/nifi/pull/2927
@pepov Please provide the bash history (if possible) or list the steps you
took to generate those certificates which resulted in those errors. I will also
try to reproduce with a TinyCert certificate. It may be that the generated cert
(**intermediate CA**) doesn't have the key usage for *Certificate Signing* [see
[https://www.ibm.com/support/knowledgecenter/en/SSKTMJ_9.0.1/admin/conf_keyusageextensionsandextendedkeyusage_r.html](Key
Usage Extension and Extended Key Usage)].
> Add documentation for using intermediate CA with TLS toolkit
> ------------------------------------------------------------
>
> Key: NIFI-5473
> URL: https://issues.apache.org/jira/browse/NIFI-5473
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Documentation & Website, Security, Tools and Build
> Affects Versions: 1.7.1
> Reporter: Andy LoPresto
> Assignee: Andy LoPresto
> Priority: Major
> Labels: certificate, documentation, security, tls, tls-toolkit
>
> With some manual work, the TLS toolkit can be used with a pre-existing
> certificate and private key that has been signed by an organization's
> certificate authority (CA) to sign toolkit-generated certificates. The Admin
> Guide should be improved to cover the necessary steps.
> When the separate "Security Guide" / "Toolkit Guide" is created, this content
> should be migrated there.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
