[
https://issues.apache.org/jira/browse/NIFI-8403?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Joseph Gresock reassigned NIFI-8403:
------------------------------------
Assignee: Joseph Gresock
> Implement Self-Signed Certificate Generation for HTTPS Configuration
> --------------------------------------------------------------------
>
> Key: NIFI-8403
> URL: https://issues.apache.org/jira/browse/NIFI-8403
> Project: Apache NiFi
> Issue Type: Sub-task
> Affects Versions: 1.14.0
> Reporter: David Handermann
> Assignee: Joseph Gresock
> Priority: Major
> Labels: https, pkcs12, security
>
> Enabling HTTPS through default configuration properties requires the presence
> of keystore and truststore files. For default standalone installations, this
> requires generating a self-signed certificate and private key for storage in
> a keystore. The certificate should be stored in a truststore and both files
> should be placed in a standard location within the NiFi home directory.
> The following requirements should be considered as part of the implementation:
> * Keystore and Truststore format should be PKCS12
> * Keystore and Truststore passwords should use secure random generation
> * The self-signed certificate must contain at least one DNS Subject
> Alternative Name
> The following implementation questions should be addressed as part of the
> implementation:
> * Should the certificate subject always use {{localhost}} or should other
> host addresses be evaluated and added as subject alternative names?
> * What is the default expiration for the generated certificate? Something
> short should be considered to encourage provisioning a certificate through
> other means
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
