[jira] [Commented] (NIFI-6012) NiFi toolkit, tls-toolkit.sh server, doesn't support 3rd party Certificate of Authority

2019-02-11 Thread Erik Anderson (JIRA)


[ https://issues.apache.org/jira/browse/NIFI-6012?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16764969#comment-16764969 ]

Erik Anderson commented on NIFI-6012:
-

You are right, Andy. This is a duplicate of NIFI-5460.

> NiFi toolkit, tls-toolkit.sh server, doesn't support 3rd party Certificate of 
> Authority
> ---
>
> Key: NIFI-6012
> URL: https://issues.apache.org/jira/browse/NIFI-6012
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Tools and Build
> Reporter: Erik Anderson
> Assignee: Andy LoPresto
> Priority: Major
> Labels: certificate, security, tls, tls-toolkit
>
> Original details are here.
> [link certificate chain of trust 
> |https://mail-archives.apache.org/mod_mbox/nifi-dev/201902.mbox/%3Cb7825d4c-8cdb-4b2e-b625-7942ce067292%40www.fastmail.com%3E]
> When running the NiFi toolkit ../bin/tls-toolkit.sh server, how do I get the 
> server to include an additional public certificate of authority in the 
> truststore.jks file?
> I was looking through the nifi-toolkit-tls code.
> For the start sequences of the
> ../bin/tls-toolkit.sh server
> I would like to recommend an additional option in the client (or server mode)
> --additionalTrust=[keystore alias],[keystore alias],[keystore alias]
> What this would do is, when a client calls the tls-toolkit.sh server, the 
> server would extract these aliases stored in the nifi-ca-keystore.jks and add 
> them to the returned truststore.jks file.
> Example:
> --additionalTrust: nifi-cli, digicert, myca
> There seems to be a feature in
> ../bin/tls-toolkit.sh standalone
> --additionalCACertificate
> which might be a similar feature.
> This would allow an enterprise that installs MITM proxies to include 
> additional certificates in the trust chain.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Commented] (NIFI-6012) NiFi toolkit, tls-toolkit.sh server, doesn't support 3rd party Certificate of Authority

2019-02-10 Thread Andy LoPresto (JIRA)


[ https://issues.apache.org/jira/browse/NIFI-6012?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16764649#comment-16764649 ]

Andy LoPresto commented on NIFI-6012:
-

I believe this issue is a duplicate of NIFI-5460. If not, please indicate what 
differences you find or additional behavior you expect from a solution to that 
issue. 
