[jira] [Commented] (NIFI-7053) Update Toolkit Guide with macOS 10.15 trusted certificate requirements (2048 bit key and max of 825 days of validity)

Fri, 14 Feb 2020 10:32:49 -0800 


    [ 
https://issues.apache.org/jira/browse/NIFI-7053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17037180#comment-17037180
 ] 

ASF subversion and git services commented on NIFI-7053:
-------------------------------------------------------

Commit 85cc5689e636bd3e727872e8feb2834cd7ffeb7a in nifi's branch 
refs/heads/support/nifi-1.11.x from Andrew Lim
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=85cc568 ]

NIFI-7053 Update Toolkit Guide with macOS 10.15 requirements for trus… (#4018)

* NIFI-7053 Update Toolkit Guide with macOS 10.15 requirements for trusted 
certificates

* Simplified note about trusted certs in macOS 10.15

Signed-off-by: Andy LoPresto <[email protected]>

> Update Toolkit Guide with macOS 10.15  trusted certificate requirements (2048 
> bit key and max of 825 days of validity)
> ----------------------------------------------------------------------------------------------------------------------
>
>                 Key: NIFI-7053
>                 URL: https://issues.apache.org/jira/browse/NIFI-7053
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Documentation &amp; Website, Security
>            Reporter: Andrew M. Lim
>            Assignee: Andrew M. Lim
>            Priority: Major
>             Fix For: 1.12.0, 1.11.2
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> I was testing secured NiFi and NiFi Registry on macOS 10.15.2 using certs 
> generated by the TLS Toolkit.  I was able to access the UIs of both apps 
> using Safari but not able to with Chrome due to a NET::ERR_CERT_REVOKED error 
> which I had never seen before.  Turns out this is a known issue on Catalina 
> ([https://support.apple.com/en-us/HT210176]). macOSX 10.15 requires certs to 
> be:
>  * valid for 825 days or less
>  * a minimum 2048 bit key
> By default, the TLS Toolkit sets the number of days the cert should be valid 
> for to 1095 days and the number of bits for generated keys to 2048. 
> Generating new certs with the required 825 validity solved the issue.
> We should document this in the Toolkit Guide for the Mac users in the NiFi 
> community.
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to