This is my usual go-to reference for getting SANs working with openssl CSRs:
https://geekflare.com/san-ssl-certificate/
Newer openssl versions apparently allow it on the command line:
https://security.stackexchange.com/questions/74345/provide-subjectaltname-to-openssl-directly-on-the-command-lin
Well, it took a lot of mis steps recreating and signing the certs (used the
wrong CA) and working through all the other issues with SANs, BUT I GOT IT
WORKING!
Thanks David, and thanks to everyone else that helps out in this group!
Nifi is so complicated I can’t imagine trying to do this stuff alo
Hi Phil,
Thanks for providing the stack trace. Recent versions of NiFi include
updates to the OkHttp library, which modified the hostname verification
process. OkHttp starting with version 3.10.0 made changes to TLS hostname
verification, requiring that a certificate contain DNS Subject Alternat
Hi there,
I upgraded an older dev setup today from 1.6.0 to 1.13.2. After a
couple of config tweaks, it’s “working”, but if I try and access the
interface at https://nifi2.domain.blah/ I get a message on screen
stating that nifi1.domain.blah is not verified. The logs contain this
same message, a