[ https://issues.apache.org/jira/browse/NIFI-7673?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Paul Grey resolved NIFI-7673.
-----------------------------
    Resolution: Won't Do

In a recent mailing list discussion [1], a consensus discussion was made to deprecate the module "nifi-toolkit-tls". A set of tickets [2] [3] [4] was opened and resolved to carry out this work. In order to complete this effort, any open tickets in the NIFI project relating to defects, enhancements, etc of "nifi-toolkit-tls" should be marked resolved.

[1] https://lists.apache.org/thread/vn1nzobtz4fh7fs461sgg8jj9zygrk0f
[2] NIFI-12169 - Documentation updates to provide alternatives to usage of TLS Toolkit
[3] NIFI-12200 - Remove nifi-toolkit-tls module
[4] NIFI-12201 - Deprecation markings for nifi-toolkit-tls module in support/nifi-1.x

> Toolkit in diagnostic mode should verify independent node
> ---------------------------------------------------------
>
>                 Key: NIFI-7673
>                 URL: https://issues.apache.org/jira/browse/NIFI-7673
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Configuration Management, Tools and Build
>    Affects Versions: 1.11.4
>            Reporter: Veda Kadam
>            Assignee: Veda Kadam
>            Priority: Major
>              Labels: keystore, security, tls, tls-toolkit
>          Time Spent: 8h 20m
>  Remaining Estimate: 0h
>
> * Incomplete chain
> * All nodes have wildcard certificates. Cannot identify one node from the other
> * Use any certs as long as prerequisites are aligned with NiFi.
> * Build monitoring for expiration of TLS certificates
> * Ambari using NiFi CA, overrides/corrupts if using external certs
> * Populate authorization.xml file if using external certs
> * Have internal method to avoid removal of authorization.xml and users.xml
> * Explicit document with prerequisites for certs
> * --additionalCACertificate <arg> for Client-Server model
> * Validate certs if not using CA toolkit
> * Firewall/DNS issues resolving multiple nodes in cluster
> * Independent node configuration verification
> # Priority 0
> # Addresses B, C, D, J
> # Description: Verifies each node has the correct configuration files and passwords available, and that the key/certificate contents of the keystore and truststore are correct for that node
> # Steps
> # Run on each node
> # Read the nifi.properties file
> # Verify the keystore and truststore are located at the correct file path
> # Verify the keystore password, key password, and truststore password are correct
> # Verify that the keystore contains a single private key entry and a public certificate which identifies this host
> # CN
> # SAN
> # Not wildcard (or at least unique SAN present)
> # EKU
> # Certificate validity dates
> # Key size
> # Other OIDs
> # Verify that the truststore contains at least one public certificate
> # Verify that the truststore contains a public certificate which verifies the private key in the keystore for this node (i.e. this node would trust itself/the signer of itself)
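
One way the per-node steps listed in the issue could be carried out with the JDK `KeyStore` API, as an added example that is not part of the original ticket or of nifi-toolkit-tls. The class name `NodeTlsCheck` and its two command-line arguments are hypothetical; the `nifi.security.*` keys are the standard NiFi TLS properties. It covers store paths and passwords, the single private key entry, validity dates, a non-wildcard SAN, and the self-trust check.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
// Added example: hypothetical class, not part of nifi-toolkit-tls.
public class NodeTlsCheck {
    // Throws if the file is missing or the store password is wrong.
    static KeyStore load(Properties p, String prefix) throws Exception {
        KeyStore ks = KeyStore.getInstance(p.getProperty(prefix + "Type", "JKS"));
        try (FileInputStream in = new FileInputStream(p.getProperty(prefix))) {
            ks.load(in, p.getProperty(prefix + "Passwd", "").toCharArray());
        }
        return ks;
    }
    // Usage: java NodeTlsCheck /path/to/nifi.properties expected.hostname
    public static void main(String[] args) throws Exception {
        Properties p = new Properties();
        try (FileInputStream in = new FileInputStream(args[0])) { p.load(in); }
        KeyStore keystore = load(p, "nifi.security.keystore");
        KeyStore truststore = load(p, "nifi.security.truststore");

        List<String> keys = new ArrayList<>();
        for (String a : Collections.list(keystore.aliases())) if (keystore.isKeyEntry(a)) keys.add(a);
        if (keys.size() != 1) throw new IllegalStateException("private key entries: " + keys.size());
        String keyPw = p.getProperty("nifi.security.keyPasswd", "");
        if (keyPw.isEmpty()) keyPw = p.getProperty("nifi.security.keystorePasswd", "");
        keystore.getKey(keys.get(0), keyPw.toCharArray()); // UnrecoverableKeyException on a wrong key password

        Certificate[] chain = keystore.getCertificateChain(keys.get(0));
        X509Certificate leaf = (X509Certificate) chain[0];
        leaf.checkValidity(); // throws if expired or not yet valid
        boolean sanMatch = false; // require an exact dNSName SAN (type 2), so a wildcard alone fails
        Collection<List<?>> sans = leaf.getSubjectAlternativeNames();
        if (sans != null) for (List<?> san : sans)
            if (Integer.valueOf(2).equals(san.get(0)) && args[1].equalsIgnoreCase((String) san.get(1))) sanMatch = true;
        if (!sanMatch) throw new IllegalStateException("no SAN uniquely identifies " + args[1]);
        // The node trusts itself if a truststore certificate is in, or signed a member of, its chain.
        boolean trusted = false;
        for (String a : Collections.list(truststore.aliases())) {
            Certificate t = truststore.getCertificate(a);
            for (Certificate c : chain) {
                if (c.equals(t)) trusted = true;
                else try { c.verify(t.getPublicKey()); trusted = true; } catch (Exception e) { /* not the signer */ }
            }
        }
        if (!trusted) throw new IllegalStateException("truststore does not trust this node's certificate");
        System.out.println("OK: " + leaf.getSubjectX500Principal());
    }
}
```

The EKU, key size and other OID items from the list are not checked here; `leaf.getExtendedKeyUsage()` and `leaf.getPublicKey()` are the starting points for those.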