[ https://issues.apache.org/jira/browse/NIFI-3331?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15866626#comment-15866626 ]
ASF GitHub Bot commented on NIFI-3331: -------------------------------------- Github user alopresto commented on a diff in the pull request: https://github.com/apache/nifi/pull/1491#discussion_r101138252 --- Diff: nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandalone.java --- @@ -180,7 +180,7 @@ public void createNifiKeystoresAndTrustStores(StandaloneConfig standaloneConfig) TlsClientManager tlsClientManager = new TlsClientManager(tlsClientConfig); KeyPair keyPair = TlsHelper.generateKeyPair(keyPairAlgorithm, keySize); tlsClientManager.addPrivateKeyToKeyStore(keyPair, NIFI_KEY, CertificateUtils.generateIssuedCertificate(tlsClientConfig.calcDefaultDn(hostname), - keyPair.getPublic(), certificate, caKeyPair, signingAlgorithm, days), certificate); + keyPair.getPublic(), null, certificate, caKeyPair, signingAlgorithm, days), certificate); --- End diff -- Why not allow SAN population from the standalone tool also? > TLS Toolkit - add the possibility to define a SAN in issued certificates > ------------------------------------------------------------------------ > > Key: NIFI-3331 > URL: https://issues.apache.org/jira/browse/NIFI-3331 > Project: Apache NiFi > Issue Type: Improvement > Components: Tools and Build > Reporter: Pierre Villard > Assignee: Pierre Villard > Labels: tls-toolkit > Fix For: 1.2.0 > > > To ease the deployment of a load balancer in front of NiFi, it would be nice > to allow users to define a SAN in certificates issued by the CA. > To load balance the access to the UI or even with a ListenHTTP processor, > both will cause errors with a "Host mismatch" kind of error because of > different fqdn between nodes certificate and LB certificate. This is also > discussed here: http://stackoverflow.com/questions/40035356/nifi-load-balancer -- This message was sent by Atlassian JIRA (v6.3.15#6346)