David Handermann created NIFI-8403:
--------------------------------------
Summary: Implement Self-Signed Certificate Generation for HTTPS
Configuration
Key: NIFI-8403
URL: https://issues.apache.org/jira/browse/NIFI-8403
Project: Apache NiFi
Issue Type: Sub-task
Affects Versions: 1.14.0
Reporter: David Handermann
Enabling HTTPS through default configuration properties requires the presence
of keystore and truststore files. For default standalone installations, this
requires generating a self-signed certificate and private key for storage in a
keystore. The certificate should be stored in a truststore and both files
should be placed in a standard location within the NiFi home directory.
The following requirements should be considered as part of the implementation:
* Keystore and Truststore format should be PKCS12
* Keystore and Truststore passwords should use secure random generation
* The self-signed certificate must contain at least one DNS Subject
Alternative Name
The following implementation questions should be addressed as part of the
implementation:
* Should the certificate subject always use {{localhost}} or should other host
addresses be evaluated and added as subject alternative names?
* What is the default expiration for the generated certificate? Something
short should be considered to encourage provisioning a certificate through
other means
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
