ChrisSamo632 commented on code in PR #7879: URL: https://github.com/apache/nifi/pull/7879#discussion_r1362755726
########## nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/resources/keys/README.md: ########## @@ -72,20 +72,10 @@ WD="/tmp/test-keys-$(date +"%Y%m%d-%H%M%S")" mkdir "$WD" cd "$WD" -# copy existing CA key/cert pair to working directory, rename to default tls-toolkit names +# copy existing CA key/cert pair to working directory, rename to default names cp /path/to/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/resources/keys/ca-key.pem ./nifi-key.key cp /path/to/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/test/resources/keys/ca-cert.pem ./nifi-cert.pem Review Comment: Some alternative wording here and elsewhere in the docs would seem sensible, e.g. based on the recent [dev mailing list thread](https://lists.apache.org/thread/fny5phr1mq2pqo86hqs1lmsnfrqt06sf) started by @exceptionfactory I think the important thing is to strike the right balance between pointing administrators at the need for obtaining certificates, but without detailing the multitude of possible ways to do so (as people's needs are often different for different environments) Do we note a set of minimum requirements and suggest people look to obtain a certificate (in the required format) from a reputable CA, or maybe generate self-signed certificates for development deployments? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
