  1. Apache NiFi
  2. NIFI-6012

NiFi toolkit, tls-toolkit.sh server, doesn't support 3rd party Certificate of Authority


    Details

      Description

      Original details are here.

      link certificate chain of trust

      When running the NiFi toolkit ../bin/tls-toolkit.sh server, how do I get the server to include an additional public certificate of authority in the truststore.jks file?

      I was looking through the nifi-toolkit-tls code,
      For the start sequences of the
      ../bin/tls-toolkit.sh server

      I would like to recommend an additional option in the client (or server mode)
      --additionalTrust=[keystore alias],[keystore alias],[keystore alias]
      What this would do is, when a client calls the tls-toolkit.sh server, the server would extract these aliases stored in the nifi-ca-keystore.jks and add them to the returned truststore.jks file.

      Example:
      --additionalTrust: nifi-cli, digicert, myca

      There seems to be a feature in
      ../bin/tls-toolkit.sh standalone
      --additionalCACertificate

      Which might be a similar feature.

      This would allow an enterprise that installs MITM proxies to include additional certificates into the trust chain.
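
The manual equivalent of the behaviour requested above, as an added example that is not part of the original issue or of the NiFi toolkit code: it copies the public CA certificates stored under chosen aliases in one JKS keystore into an existing truststore. The class name, the argument order and the CA_KEYSTORE_PASS / TRUSTSTORE_PASS environment variables are assumptions made for this example.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.Objects;

// Hypothetical helper, not part of nifi-toolkit.
// Usage: java AddTrustedAliases nifi-ca-keystore.jks truststore.jks nifi-cli,digicert,myca
public class AddTrustedAliases {
    static KeyStore load(Path path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: AddTrustedAliases <source.jks> <truststore.jks> <alias,alias,...>");
            System.exit(2);
        }
        // Passwords come from the environment (assumed variable names), so they stay out of argv.
        char[] srcPass = Objects.requireNonNull(System.getenv("CA_KEYSTORE_PASS"), "CA_KEYSTORE_PASS not set").toCharArray();
        char[] trustPass = Objects.requireNonNull(System.getenv("TRUSTSTORE_PASS"), "TRUSTSTORE_PASS not set").toCharArray();
        Path trustPath = Path.of(args[1]);
        KeyStore source = load(Path.of(args[0]), srcPass);
        KeyStore trust = load(trustPath, trustPass);
        for (String raw : args[2].split(",")) {
            String alias = raw.trim();
            // getCertificate returns only the public certificate; the private key is never read.
            X509Certificate cert = (X509Certificate) source.getCertificate(alias);
            if (cert == null) throw new IllegalArgumentException("no certificate under alias " + alias);
            // The request concerns certificate authorities, so reject non-CA certificates.
            if (cert.getBasicConstraints() < 0) throw new IllegalArgumentException(alias + " is not a CA certificate");
            if (trust.containsAlias(alias)) throw new IllegalStateException(alias + " is already in the truststore");
            trust.setCertificateEntry(alias, cert);
            // Print the SHA-256 fingerprint so the added trust anchor can be audited.
            StringBuilder fp = new StringBuilder();
            for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded())) fp.append(String.format("%02X", b));
            System.out.println("added " + alias + " sha256=" + fp);
        }
        try (OutputStream out = Files.newOutputStream(trustPath)) {
            trust.store(out, trustPass);
        }
    }
}
```

Compare each printed fingerprint against the value published by the certificate's owner before distributing the updated truststore.jks, since every certificate added here becomes a trust anchor for all connections that use it.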

              People

              • Assignee:
                alopresto Andy LoPresto
                Reporter:
                ErikAnderson Erik Anderson