Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-8220 Establish a secure by default configuration for NiFi
  3. NIFI-8403

Implement Self-Signed Certificate Generation for HTTPS Configuration

    XMLWordPrintableJSON

    Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.14.0
    • Fix Version/s: 1.14.0
    • Component/s: None

      Description

      Enabling HTTPS through default configuration properties requires the presence of keystore and truststore files.  For default standalone installations, this requires generating a self-signed certificate and private key for storage in a keystore.  The certificate should be stored in a truststore and both files should be placed in a standard location within the NiFi home directory.

      The following requirements should be considered as part of the implementation:

      • Keystore and Truststore format should be PKCS12
      • Keystore and Truststore passwords should use secure random generation
      • The self-signed certificate must contain at least one DNS Subject Alternative Name

      The following implementation questions should be addressed as part of the implementation:

      • Should the certificate subject always use localhost or should other host addresses be evaluated and added as subject alternative names?
      • What is the default expiration for the generated certificate?  Something short should be considered to encourage provisioning a certificate through other means

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                jgresock Joseph Gresock
                Reporter:
                exceptionfactory David Handermann
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 3h 40m
                  3h 40m