Andrew M. Lim created NIFI-7053:
-----------------------------------
Summary: Update Toolkit Guide with macOS 10.15 trusted
certificate requirements (2048 bit key and max of 825 days of validity)
Key: NIFI-7053
URL: https://issues.apache.org/jira/browse/NIFI-7053
Project: Apache NiFi
Issue Type: Improvement
Components: Documentation & Website
Reporter: Andrew M. Lim
I was testing secured NiFi and NiFi Registry on macOS 10.15.2 using certs
generated by the TLS Toolkit. I was able to access the UIs of both apps using
Safari but not able to with Chrome due to a NET::ERR_CERT_REVOKED error which I
had never seen before. Turns out this is a known issue on Catalina
([https://support.apple.com/en-us/HT210176]). macOSX 10.15 requires certs to be:
* valid for 825 days or less
* a minimum 2048 bit key
By default, the TLS Toolkit sets the number of days the cert should be valid
for to 1095 days and the number of bits for generated keys to 2048. Generating
new certs with the required 825 validity solved the issue.
We should document this in the Toolkit Guide for the Mac users in the NiFi
community.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
