[
https://issues.apache.org/jira/browse/NIFI-7053?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andrew M. Lim updated NIFI-7053:
--------------------------------
Component/s: Security
> Update Toolkit Guide with macOS 10.15 trusted certificate requirements (2048
> bit key and max of 825 days of validity)
> ----------------------------------------------------------------------------------------------------------------------
>
> Key: NIFI-7053
> URL: https://issues.apache.org/jira/browse/NIFI-7053
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Documentation & Website, Security
> Reporter: Andrew M. Lim
> Assignee: Andrew M. Lim
> Priority: Major
>
> I was testing secured NiFi and NiFi Registry on macOS 10.15.2 using certs
> generated by the TLS Toolkit. I was able to access the UIs of both apps
> using Safari but not able to with Chrome due to a NET::ERR_CERT_REVOKED error
> which I had never seen before. Turns out this is a known issue on Catalina
> ([https://support.apple.com/en-us/HT210176]). macOSX 10.15 requires certs to
> be:
> * valid for 825 days or less
> * a minimum 2048 bit key
> By default, the TLS Toolkit sets the number of days the cert should be valid
> for to 1095 days and the number of bits for generated keys to 2048.
> Generating new certs with the required 825 validity solved the issue.
> We should document this in the Toolkit Guide for the Mac users in the NiFi
> community.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
