[ https://issues.apache.org/jira/browse/NIFI-6012?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andy LoPresto updated NIFI-6012: -------------------------------- Labels: certificate security tls tls-toolkit (was: ) > NiFi toolkit, tls-toolkit.sh server, doesnt support 3rd party Certificate of > Authoprity > --------------------------------------------------------------------------------------- > > Key: NIFI-6012 > URL: https://issues.apache.org/jira/browse/NIFI-6012 > Project: Apache NiFi > Issue Type: Improvement > Components: Tools and Build > Reporter: Erik Anderson > Assignee: Andy LoPresto > Priority: Major > Labels: certificate, security, tls, tls-toolkit > > Original details are here. > [link certificate chain of trust > |https://mail-archives.apache.org/mod_mbox/nifi-dev/201902.mbox/%3Cb7825d4c-8cdb-4b2e-b625-7942ce067292%40www.fastmail.com%3E] > When running the NiFi toolkit ../bin/tls-toolkit.sh server, how do I get the > server to include an additional public certificate of authority in the > truststore.jks file? > I was looking through the nifi-toolkit-tls code, > For the start sequences of the > ../bin/tls-toolkit.sh server > I would like to recommend an additional option in the client (or server mode) > --additionalTrust=[keystore alias],[keystore alias],[keystore alias] > What this would do is when a client calls the tls-toolkit.sh server, the > server would extract these alias stored in the nifi-ca-keystore.jks, and add > to the returned truststore.jks file. > Example: > --additionalTrust: nifi-cli, digicert, myca > There seems to be a feature in > ../bin/tls-toolkit.sh standalone > --additionalCACertificate > Which might be a similar feature. > This would allow an enterprise that installs MITM proxies, to include > additional certificates into the trust chain. -- This message was sent by Atlassian JIRA (v7.6.3#76005)