David Handermann created NIFI-8403: -------------------------------------- Summary: Implement Self-Signed Certificate Generation for HTTPS Configuration Key: NIFI-8403 URL: https://issues.apache.org/jira/browse/NIFI-8403 Project: Apache NiFi Issue Type: Sub-task Affects Versions: 1.14.0 Reporter: David Handermann
Enabling HTTPS through default configuration properties requires the presence of keystore and truststore files. For default standalone installations, this requires generating a self-signed certificate and private key for storage in a keystore. The certificate should be stored in a truststore and both files should be placed in a standard location within the NiFi home directory. The following requirements should be considered as part of the implementation: * Keystore and Truststore format should be PKCS12 * Keystore and Truststore passwords should use secure random generation * The self-signed certificate must contain at least one DNS Subject Alternative Name The following implementation questions should be addressed as part of the implementation: * Should the certificate subject always use {{localhost}} or should other host addresses be evaluated and added as subject alternative names? * What is the default expiration for the generated certificate? Something short should be considered to encourage provisioning a certificate through other means -- This message was sent by Atlassian Jira (v8.3.4#803005)