[NIFI-5485] Enable TLS Toolkit (client/server) to sign certificates with external CA certificate - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: In Progress
Priority: Major
Resolution: Unresolved
Affects Version/s: 1.7.1
Fix Version/s: None
Component/s: Security, Tools and Build
Labels:
- certificate
- pem
- pkcs1
- pkcs8
- pki
- security
- tls
- tls-toolkit

Description

The TLS Toolkit can sign certificates using a public certificate and private key generated and signed elsewhere by injecting them into the nifi-cert.pem and nifi-key.key files as long as they are in the proper format and self-signed. The toolkit should be enhanced to handle PKCS #8 formatted private keys (in addition to the PKCS #1 formatted keys it handles now) and to allow for non self-signed certificates.

To verify this, use certificates generated by TinyCert.

Attachments

Issue Links

contains

NIFI-5458 Improve NiFi TLS and certificate management

Open

NIFI-5459 Integrate TLS Toolkit with external CA / certificate providers

Open

NIFI-5473 Add documentation for using intermediate CA with TLS toolkit

Resolved

is a clone of

NIFI-5476 Enable TLS Toolkit (standalone) to sign certificates with external CA certificate

Resolved

relates to

NIFI-5473 Add documentation for using intermediate CA with TLS toolkit

Resolved

Activity

People

Assignee:: Andy LoPresto

Reporter:: Andy LoPresto

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 03/Aug/18 03:21

Updated:: 18/Dec/18 01:42