[GitHub] nifi issue #2042: NIFI-4222 - Adding CN by default in SANs for generated cer...

2017-08-09 Thread alopresto
Github user alopresto commented on the issue:

https://github.com/apache/nifi/pull/2042
  
Verified that all tests and contrib-check pass. When run with no SAN 
arguments, the CN is present as a SAN. When run with additional SAN arguments, 
all are present. +1, merging. 

No SAN:
```

hw12203:...assembly/target/nifi-toolkit-1.4.0-SNAPSHOT-bin/nifi-toolkit-1.4.0-SNAPSHOT (pr2042) alopresto
🔓 186058s @ 18:43:33 $ ./bin/tls-toolkit.sh standalone -n 'nifi.nifi.apache.org' -P password -S password -f ../../../../../nifi-assembly/target/nifi-1.4.0-SNAPSHOT-bin/nifi-1.4.0-SNAPSHOT/conf/nifi.properties
2017/08/09 18:58:45 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandaloneCommandLine: Using ../../../../../nifi-assembly/target/nifi-1.4.0-SNAPSHOT-bin/nifi-1.4.0-SNAPSHOT/conf/nifi.properties as template.
2017/08/09 18:58:46 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Running standalone certificate generation with output directory ../nifi-toolkit-1.4.0-SNAPSHOT
2017/08/09 18:58:46 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Generated new CA certificate ../nifi-toolkit-1.4.0-SNAPSHOT/nifi-cert.pem and key ../nifi-toolkit-1.4.0-SNAPSHOT/nifi-key.key
2017/08/09 18:58:46 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Writing new ssl configuration to ../nifi-toolkit-1.4.0-SNAPSHOT/nifi.nifi.apache.org
2017/08/09 18:58:46 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Successfully generated TLS configuration for nifi.nifi.apache.org 1 in ../nifi-toolkit-1.4.0-SNAPSHOT/nifi.nifi.apache.org
2017/08/09 18:58:46 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: No clientCertDn specified, not generating any client certificates.
2017/08/09 18:58:46 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: tls-toolkit standalone completed successfully

hw12203:...assembly/target/nifi-toolkit-1.4.0-SNAPSHOT-bin/nifi-toolkit-1.4.0-SNAPSHOT (pr2042) alopresto
🔓 186980s @ 18:58:55 $ cd nifi.nifi.apache.org/

hw12203:...toolkit-1.4.0-SNAPSHOT-bin/nifi-toolkit-1.4.0-SNAPSHOT/nifi.nifi.apache.org (pr2042) alopresto
🔓 186988s @ 18:59:03 $ keytool -list -v -keystore keystore.jks
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: nifi-key
Creation date: Aug 9, 2017
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=nifi.nifi.apache.org, OU=NIFI
Issuer: CN=localhost, OU=NIFI
Serial number: 15dc9dd8f39
Valid from: Wed Aug 09 18:58:46 PDT 2017 until: Sat Aug 08 18:58:46 PDT 2020
Certificate fingerprints:
 MD5:  E4:E8:C4:19:C1:06:86:17:C8:E5:13:F6:6F:54:0F:AE
 SHA1: 92:6B:FD:9D:89:55:A5:48:AD:31:A3:FD:A3:A6:6C:A5:C4:A8:31:0E
 SHA256: 54:8D:30:D2:ED:9A:B0:AE:8C:37:40:9F:2F:80:2D:4A:DC:5D:14:2E:15:57:4C:71:CF:77:D6:F0:3F:92:6D:04
 Signature algorithm name: SHA256withRSA
 Version: 3

Extensions:

#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 6B 65 AB 68 5A 0A CB 59   A2 B9 0B 9E 36 2D 60 47  ke.hZ..Y....6-`G
0010: 21 08 08 25                                        !..%
]
]

#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:false
  PathLen: undefined
]

#3: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  clientAuth
  serverAuth
]

#4: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Non_repudiation
  Key_Encipherment
  Data_Encipherment
  Key_Agreement
]

#5: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: nifi.nifi.apache.org
]

#6: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D9 18 43 B3 38 24 18 89   E6 1B 62 D7 AB 35 C5 14  ..C.8$....b..5..
0010: 88 E9 19 E3                                        ....
]
]

Certificate[2]:
Owner: CN=localhost, OU=NIFI
Issuer: CN=localhost, OU=NIFI
Serial number: 15dc9dd8d4c
Valid from: Wed Aug 09 18:58:46 PDT 2017 until: Sat Aug 08 18:58:46 PDT 2020
Certificate fingerprints:
 MD5:  A1:9E:4A:7C:65:F1:B7:E9:8F:4D:D0:18:74:E8:AA:2E
 SHA1: CD:31:8B:74:85:C7:21:4A:DB:F6:58:34:69:B7:19:6C:3B:9E:CE:00
 SHA256: A9:AB:C5:73:9D:B3:ED:C3:D5:79:BD:4B:E0:14:1D:0F:DC:68:41:BC:09:70:5B:2D:BD:E0:AB:49:55:14:79:3B
 Signature algorithm name: SHA256withRSA
 Version: 3

Extensions:

#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
: 6B 65 AB 68 5A 0A CB 59   A2 B9 0B 9E 36 2D 60 47  ke.hZ..Y
```
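The manual check in the comment above (the CN shows up as a DNSName SAN on the generated certificate) can be scripted against `keytool -list -v` output. This is an added example, not part of the original comment or of the NiFi toolkit; the function names and the embedded sample, a constructed excerpt shaped like the output above, are assumptions.

```python
import re

# Constructed excerpt shaped like the `keytool -list -v` output above; the CA
# certificate's BasicConstraints block is an assumption (the page truncates it).
SAMPLE = """\
Certificate[1]:
Owner: CN=nifi.nifi.apache.org, OU=NIFI
Issuer: CN=localhost, OU=NIFI
#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:false
  PathLen: undefined
]
#5: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: nifi.nifi.apache.org
]
Certificate[2]:
Owner: CN=localhost, OU=NIFI
Issuer: CN=localhost, OU=NIFI
#1: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
]
"""
# Same chain with the SAN entry removed: what a missing CN SAN would look like.
SAMPLE_NO_SAN = SAMPLE.replace("  DNSName: nifi.nifi.apache.org\n", "")

def parse_chain(text):
    """Return one dict per 'Certificate[n]:' block of keytool's verbose listing."""
    parts = re.split(r"^Certificate\[(\d+)\]:\s*$", text, flags=re.MULTILINE)
    certs = []
    # re.split yields [preamble, index1, body1, index2, body2, ...]
    for idx, body in zip(parts[1::2], parts[2::2]):
        cn = re.search(r"^Owner:.*?\bCN=([^,\n]+)", body, re.MULTILINE)
        san = re.search(r"SubjectAlternativeName \[(.*?)\n\]", body, re.DOTALL)
        certs.append({
            "index": int(idx),
            "cn": cn.group(1).strip() if cn else None,
            "dns_sans": re.findall(r"DNSName:\s*(\S+)", san.group(1)) if san else [],
            "is_ca": bool(re.search(r"^\s*CA:true\s*$", body, re.MULTILINE)),
        })
    return certs

def leaf_cn_missing_from_san(text):
    """Indexes of non-CA certificates whose CN is absent from their DNSName SANs."""
    return [c["index"] for c in parse_chain(text)
            if not c["is_ca"] and c["cn"]
            and c["cn"].lower() not in [d.lower() for d in c["dns_sans"]]]
```

A certificate block with no `CA:true` line is treated as a leaf, so a truncated listing errs toward reporting rather than skipping.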

[GitHub] nifi issue #2042: NIFI-4222 - Adding CN by default in SANs for generated cer...

2017-08-09 Thread alopresto
Github user alopresto commented on the issue:

https://github.com/apache/nifi/pull/2042
  
Reviewing...

