[
https://issues.apache.org/jira/browse/NIFI-3331?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15866626#comment-15866626
]
ASF GitHub Bot commented on NIFI-3331:
--------------------------------------
Github user alopresto commented on a diff in the pull request:
https://github.com/apache/nifi/pull/1491#discussion_r101138252
--- Diff:
nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandalone.java
---
@@ -180,7 +180,7 @@ public void
createNifiKeystoresAndTrustStores(StandaloneConfig standaloneConfig)
TlsClientManager tlsClientManager = new
TlsClientManager(tlsClientConfig);
KeyPair keyPair = TlsHelper.generateKeyPair(keyPairAlgorithm,
keySize);
tlsClientManager.addPrivateKeyToKeyStore(keyPair, NIFI_KEY,
CertificateUtils.generateIssuedCertificate(tlsClientConfig.calcDefaultDn(hostname),
- keyPair.getPublic(), certificate, caKeyPair,
signingAlgorithm, days), certificate);
+ keyPair.getPublic(), null, certificate, caKeyPair,
signingAlgorithm, days), certificate);
--- End diff --
Why not allow SAN population from the standalone tool also?
> TLS Toolkit - add the possibility to define a SAN in issued certificates
> ------------------------------------------------------------------------
>
> Key: NIFI-3331
> URL: https://issues.apache.org/jira/browse/NIFI-3331
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Tools and Build
> Reporter: Pierre Villard
> Assignee: Pierre Villard
> Labels: tls-toolkit
> Fix For: 1.2.0
>
>
> To ease the deployment of a load balancer in front of NiFi, it would be nice
> to allow users to define a SAN in certificates issued by the CA.
> To load balance the access to the UI or even with a ListenHTTP processor,
> both will cause errors with a "Host mismatch" kind of error because of
> different fqdn between nodes certificate and LB certificate. This is also
> discussed here: http://stackoverflow.com/questions/40035356/nifi-load-balancer
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
