[NIFI-7053] Update Toolkit Guide with macOS 10.15 trusted certificate requirements (2048 bit key and max of 825 days of validity) - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.12.0, 1.11.2
Component/s: Documentation & Website, Security
Labels:
None

Description

I was testing secured NiFi and NiFi Registry on macOS 10.15.2 using certs generated by the TLS Toolkit. I was able to access the UIs of both apps using Safari but not able to with Chrome due to a NET::ERR_CERT_REVOKED error which I had never seen before. Turns out this is a known issue on Catalina (https://support.apple.com/en-us/HT210176). macOSX 10.15 requires certs to be:

valid for 825 days or less
a minimum 2048 bit key

By default, the TLS Toolkit sets the number of days the cert should be valid for to 1095 days and the number of bits for generated keys to 2048. Generating new certs with the required 825 validity solved the issue.

We should document this in the Toolkit Guide for the Mac users in the NiFi community.

Attachments

Issue Links

is related to

NIFI-7082 In tls-toolkit, change default validity of to 825 days or less

Resolved

links to

GitHub Pull Request #4018

Activity

People

Assignee:: Andrew M. Lim

Reporter:: Andrew M. Lim

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 21/Jan/20 21:32

Updated:: 14/Feb/20 18:31

Resolved:: 31/Jan/20 18:25

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

40m