Andy LoPresto created NIFI-4247:
-----------------------------------
Summary: TLS Toolkit should parse regex in SAN fields
Key: NIFI-4247
URL: https://issues.apache.org/jira/browse/NIFI-4247
Project: Apache NiFi
Issue Type: Improvement
Components: Tools and Build
Affects Versions: 1.3.0
Reporter: Andy LoPresto
Similar to the way the TLS Toolkit can generate multiple certificates with one
command through parsing some minimal regular expression syntax in the hostname
field, the SAN field should be processed the same way. Currently, a command
which generates three hosts via {{ -n "server[1-3].com" }} cannot have the
corresponding SAN entries provided inline. Once NIFI-4222 is implemented, the
hostname will be present in the SAN list by default, but if there are
additional desired entries, the command must be split and run individually.
Example:
||Desired hostname||Desired SAN||
|{{server1.com}}|{{server1.com, otherserver1.com}}|
|{{server2.com}}|{{server2.com, otherserver2.com}}|
|{{server3.com}}|{{server3.com, otherserver3.com}}|
{code}
$ ./bin/tls-toolkit.sh standalone -n "server[1-3].com"
--subjectAlternativeNames "otherserver[1-3].com"
{code}
Currently, this must be run as:
{code}
$ ./bin/tls-toolkit.sh standalone -n "server1.com" --subjectAlternativeNames
"otherserver1.com"
$ ./bin/tls-toolkit.sh standalone -n "server1.com" --subjectAlternativeNames
"otherserver2.com"
$ ./bin/tls-toolkit.sh standalone -n "server1.com" --subjectAlternativeNames
"otherserver3.com"
{code}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
