[ https://issues.apache.org/jira/browse/NIFI-8403?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joseph Gresock reassigned NIFI-8403: ------------------------------------ Assignee: Joseph Gresock > Implement Self-Signed Certificate Generation for HTTPS Configuration > -------------------------------------------------------------------- > > Key: NIFI-8403 > URL: https://issues.apache.org/jira/browse/NIFI-8403 > Project: Apache NiFi > Issue Type: Sub-task > Affects Versions: 1.14.0 > Reporter: David Handermann > Assignee: Joseph Gresock > Priority: Major > Labels: https, pkcs12, security > > Enabling HTTPS through default configuration properties requires the presence > of keystore and truststore files. For default standalone installations, this > requires generating a self-signed certificate and private key for storage in > a keystore. The certificate should be stored in a truststore and both files > should be placed in a standard location within the NiFi home directory. > The following requirements should be considered as part of the implementation: > * Keystore and Truststore format should be PKCS12 > * Keystore and Truststore passwords should use secure random generation > * The self-signed certificate must contain at least one DNS Subject > Alternative Name > The following implementation questions should be addressed as part of the > implementation: > * Should the certificate subject always use {{localhost}} or should other > host addresses be evaluated and added as subject alternative names? > * What is the default expiration for the generated certificate? Something > short should be considered to encourage provisioning a certificate through > other means -- This message was sent by Atlassian Jira (v8.3.4#803005)