[ https://issues.apache.org/jira/browse/NIFI-5476?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16572175#comment-16572175 ]

ASF subversion and git services commented on NIFI-5476:
-------------------------------------------------------

Commit 57baae9ae28f63877e66cbc178cdd127a82d4841 in nifi's branch 
refs/heads/master from [~alopresto]
[ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=57baae9 ]

NIFI-5476 Added logic to check CA certificate signature against additional 
certificates.
Moved utility code to TlsHelper.
Added unit tests.
Added command-line parsing for additional CA certificate path.
Added documentation on using the TLS Toolkit to generate and sign certificates 
using an externally-signed CA.
Updated toolkit external CA documentation to be in line with additional context 
from NIFI-5473.
Cleaned up toolkit documentation.
Improved error message by changing to absolute path.
Added Javadoc to and removed unthrown exception declarations from 
TlsHelper#verifyCertificateSignature().
Cleaned up unit tests with utility method.
Fixed checkstyle error.
Support conversion of a PKCS#8 formatted private key automatically to avoid 
forcing the user to do that. Also add some log messages for debugging when the 
parser fails to parse the appropriate object.
Incorporated Peter's contribution for PKCS #8 to PKCS #1 conversion.
Added documentation and refactored methods.
Refactored unit test.
Added RAT exclusion for test resource.

This closes #2935.

Co-authored-by: pepov <peterwilcsins...@gmail.com>

Signed-off-by: Matt Gilman <mcgil...@apache.org>


> Enable TLS Toolkit (standalone) to sign certificates with external CA 
> certificate
> ---------------------------------------------------------------------------------
>
>                 Key: NIFI-5476
>                 URL: https://issues.apache.org/jira/browse/NIFI-5476
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Security, Tools and Build
>    Affects Versions: 1.7.1
>            Reporter: Andy LoPresto
>            Assignee: Andy LoPresto
>            Priority: Major
>              Labels: certificate, pem, pkcs1, pkcs8, pki, security, tls, 
> tls-toolkit
>
> The TLS Toolkit can sign certificates using a public certificate and private 
> key generated and signed elsewhere by injecting them into the 
> {{nifi-cert.pem}} and {{nifi-key.key}} files as long as they are in the 
> proper format and self-signed. The toolkit should be enhanced to handle PKCS 
> #8 formatted private keys (in addition to the PKCS #1 formatted keys it 
> handles now) and to allow for non self-signed certificates. 
> To verify this, use certificates generated by 
> [TinyCert|https://tinycert.org].  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
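
The PKCS #8 to PKCS #1 conversion this issue asks for comes down to telling the two PEM types apart and unwrapping the PKCS #8 `PrivateKeyInfo` structure. The following is an added example in Python (standard library only), not NiFi's `TlsHelper` code; all function names and the sample byte strings are hypothetical, and the samples are constructed placeholders rather than real keys.

```python
import base64
import re

RSA_OID = bytes.fromhex("06092a864886f70d010101")  # DER OID 1.2.840.113549.1.1.1, rsaEncryption
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.+?)-----END \1-----", re.S)

def tlv(tag, value):
    """DER-encode one element, short or long length form (used to build the sample)."""
    size = len(value).to_bytes((len(value).bit_length() + 7) // 8, "big")
    length = bytes([len(value)]) if len(value) < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + length + value

def read_tlv(buf, pos=0):
    """Parse one DER element at pos and return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def pkcs8_to_pkcs1_der(der):
    """Unwrap PrivateKeyInfo (version, algorithm, OCTET STRING) to the RSAPrivateKey inside."""
    tag, body, _ = read_tlv(der)
    vtag, version, pos = read_tlv(body)
    atag, alg, pos = read_tlv(body, pos)
    ktag, key, _ = read_tlv(body, pos)
    if (tag, vtag, version, atag, ktag) != (0x30, 0x02, b"\x00", 0x30, 0x04) or not alg.startswith(RSA_OID):
        raise ValueError("not an unencrypted PKCS #8 RSA PrivateKeyInfo")
    return key

def to_pem(label, der):
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def rsa_key_as_pkcs1_pem(pem):
    """Return PKCS #1 PEM for a PKCS #1 or unencrypted PKCS #8 RSA key; reject other types."""
    m = PEM_RE.search(pem)
    if not m or m.group(1) not in ("RSA PRIVATE KEY", "PRIVATE KEY"):
        raise ValueError("expected an unencrypted PKCS #1 or PKCS #8 PEM block")
    der = base64.b64decode("".join(m.group(2).split()), validate=True)
    return to_pem("RSA PRIVATE KEY", pkcs8_to_pkcs1_der(der) if m.group(1) == "PRIVATE KEY" else der)

# Constructed placeholders, not usable keys: nine one-byte INTEGERs shaped like RSAPrivateKey.
SAMPLE_PKCS1 = tlv(0x30, b"".join(tlv(0x02, bytes([i])) for i in range(9)))
SAMPLE_PKCS8 = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x30, RSA_OID + b"\x05\x00") + tlv(0x04, SAMPLE_PKCS1))
```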
